networkfirewall

package module
v1.37.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Feb 13, 2024 License: Apache-2.0 Imports: 39 Imported by: 14

Documentation

Overview

Package networkfirewall provides the API client, operations, and parameter types for AWS Network Firewall.

This is the API Reference for Network Firewall. This guide is for developers who need detailed information about the Network Firewall API actions, data types, and errors.

Network Firewall is a stateful, managed, network firewall and intrusion detection and prevention service for Amazon Virtual Private Cloud (Amazon VPC). With Network Firewall, you can filter traffic at the perimeter of your VPC. This includes filtering traffic going to and coming from an internet gateway, NAT gateway, or over VPN or Direct Connect. Network Firewall uses rules that are compatible with Suricata, a free, open source network analysis and threat detection engine. Network Firewall supports Suricata version 6.0.9. For information about Suricata, see the Suricata website (https://suricata.io/) . You can use Network Firewall to monitor and protect your VPC traffic in a number of ways. The following are just a few examples:

  • Allow domains or IP addresses for known Amazon Web Services service endpoints, such as Amazon S3, and block all other forms of traffic.
  • Use custom lists of known bad domains to limit the types of domain names that your applications can access.
  • Perform deep packet inspection on traffic entering or leaving your VPC.
  • Use stateful protocol detection to filter protocols like HTTPS, regardless of the port used.

To enable Network Firewall for your VPCs, you perform steps in both Amazon VPC and in Network Firewall. For information about using Amazon VPC, see Amazon VPC User Guide (https://docs.aws.amazon.com/vpc/latest/userguide/) . To start using Network Firewall, do the following:

  • (Optional) If you don't already have a VPC that you want to protect, create it in Amazon VPC.
  • In Amazon VPC, in each Availability Zone where you want to have a firewall endpoint, create a subnet for the sole use of Network Firewall.
  • In Network Firewall, create stateless and stateful rule groups, to define the components of the network traffic filtering behavior that you want your firewall to have.
  • In Network Firewall, create a firewall policy that uses your rule groups and specifies additional default traffic filtering behavior.
  • In Network Firewall, create a firewall and specify your new firewall policy and VPC subnets. Network Firewall creates a firewall endpoint in each subnet that you specify, with the behavior that's defined in the firewall policy.
  • In Amazon VPC, use ingress routing enhancements to route traffic through the new firewall endpoints.

Index

Constants

View Source 
const ServiceAPIVersion = "2020-11-12"
View Source 
const ServiceID = "Network Firewall"

Variables

This section is empty.

Functions

func NewDefaultEndpointResolver 

func NewDefaultEndpointResolver() *internalendpoints.Resolver

NewDefaultEndpointResolver constructs a new service endpoint resolver

func WithAPIOptions added in v1.0.0 

func WithAPIOptions(optFns ...func(*middleware.Stack) error) func(*Options)

WithAPIOptions returns a functional option for setting the Client's APIOptions option.

func WithEndpointResolver deprecated 

func WithEndpointResolver(v EndpointResolver) func(*Options)

Deprecated: EndpointResolver and WithEndpointResolver. Providing a value for this field will likely prevent you from using any endpoint-related service features released after the introduction of EndpointResolverV2 and BaseEndpoint. To migrate an EndpointResolver implementation that uses a custom endpoint, set the client option BaseEndpoint instead.

func WithEndpointResolverV2 added in v1.29.0 

func WithEndpointResolverV2(v EndpointResolverV2) func(*Options)

WithEndpointResolverV2 returns a functional option for setting the Client's EndpointResolverV2 option.

func WithSigV4SigningName added in v1.35.2 

func WithSigV4SigningName(name string) func(*Options)

WithSigV4SigningName applies an override to the authentication workflow to use the given signing name for SigV4-authenticated operations.

This is an advanced setting. The value here is FINAL, taking precedence over the resolved signing name from both auth scheme resolution and endpoint resolution.

func WithSigV4SigningRegion added in v1.35.2 

func WithSigV4SigningRegion(region string) func(*Options)

WithSigV4SigningRegion applies an override to the authentication workflow to use the given signing region for SigV4-authenticated operations.

This is an advanced setting. The value here is FINAL, taking precedence over the resolved signing region from both auth scheme resolution and endpoint resolution.

Types

type AssociateFirewallPolicyInput 

type AssociateFirewallPolicyInput struct {

	// The Amazon Resource Name (ARN) of the firewall policy.
	//
	// This member is required.
	FirewallPolicyArn *string

	// The Amazon Resource Name (ARN) of the firewall. You must specify the ARN or the
	// name, and you can specify both.
	FirewallArn *string

	// The descriptive name of the firewall. You can't change the name of a firewall
	// after you create it. You must specify the ARN or the name, and you can specify
	// both.
	FirewallName *string

	// An optional token that you can use for optimistic locking. Network Firewall
	// returns a token to your requests that access the firewall. The token marks the
	// state of the firewall resource at the time of the request. To make an
	// unconditional change to the firewall, omit the token in your update request.
	// Without the token, Network Firewall performs your updates regardless of whether
	// the firewall has changed since you last retrieved it. To make a conditional
	// change to the firewall, provide the token in your update request. Network
	// Firewall uses the token to ensure that the firewall hasn't changed since you
	// last retrieved it. If it has changed, the operation fails with an
	// InvalidTokenException . If this happens, retrieve the firewall again to get a
	// current copy of it with a new token. Reapply your changes as needed, then try
	// the operation again using the new token.
	UpdateToken *string
	// contains filtered or unexported fields
}

type AssociateFirewallPolicyOutput 

type AssociateFirewallPolicyOutput struct {

	// The Amazon Resource Name (ARN) of the firewall.
	FirewallArn *string

	// The descriptive name of the firewall. You can't change the name of a firewall
	// after you create it.
	FirewallName *string

	// The Amazon Resource Name (ARN) of the firewall policy.
	FirewallPolicyArn *string

	// An optional token that you can use for optimistic locking. Network Firewall
	// returns a token to your requests that access the firewall. The token marks the
	// state of the firewall resource at the time of the request. To make an
	// unconditional change to the firewall, omit the token in your update request.
	// Without the token, Network Firewall performs your updates regardless of whether
	// the firewall has changed since you last retrieved it. To make a conditional
	// change to the firewall, provide the token in your update request. Network
	// Firewall uses the token to ensure that the firewall hasn't changed since you
	// last retrieved it. If it has changed, the operation fails with an
	// InvalidTokenException . If this happens, retrieve the firewall again to get a
	// current copy of it with a new token. Reapply your changes as needed, then try
	// the operation again using the new token.
	UpdateToken *string

	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type AssociateSubnetsInput 

type AssociateSubnetsInput struct {

	// The IDs of the subnets that you want to associate with the firewall.
	//
	// This member is required.
	SubnetMappings []types.SubnetMapping

	// The Amazon Resource Name (ARN) of the firewall. You must specify the ARN or the
	// name, and you can specify both.
	FirewallArn *string

	// The descriptive name of the firewall. You can't change the name of a firewall
	// after you create it. You must specify the ARN or the name, and you can specify
	// both.
	FirewallName *string

	// An optional token that you can use for optimistic locking. Network Firewall
	// returns a token to your requests that access the firewall. The token marks the
	// state of the firewall resource at the time of the request. To make an
	// unconditional change to the firewall, omit the token in your update request.
	// Without the token, Network Firewall performs your updates regardless of whether
	// the firewall has changed since you last retrieved it. To make a conditional
	// change to the firewall, provide the token in your update request. Network
	// Firewall uses the token to ensure that the firewall hasn't changed since you
	// last retrieved it. If it has changed, the operation fails with an
	// InvalidTokenException . If this happens, retrieve the firewall again to get a
	// current copy of it with a new token. Reapply your changes as needed, then try
	// the operation again using the new token.
	UpdateToken *string
	// contains filtered or unexported fields
}

type AssociateSubnetsOutput 

type AssociateSubnetsOutput struct {

	// The Amazon Resource Name (ARN) of the firewall.
	FirewallArn *string

	// The descriptive name of the firewall. You can't change the name of a firewall
	// after you create it.
	FirewallName *string

	// The IDs of the subnets that are associated with the firewall.
	SubnetMappings []types.SubnetMapping

	// An optional token that you can use for optimistic locking. Network Firewall
	// returns a token to your requests that access the firewall. The token marks the
	// state of the firewall resource at the time of the request. To make an
	// unconditional change to the firewall, omit the token in your update request.
	// Without the token, Network Firewall performs your updates regardless of whether
	// the firewall has changed since you last retrieved it. To make a conditional
	// change to the firewall, provide the token in your update request. Network
	// Firewall uses the token to ensure that the firewall hasn't changed since you
	// last retrieved it. If it has changed, the operation fails with an
	// InvalidTokenException . If this happens, retrieve the firewall again to get a
	// current copy of it with a new token. Reapply your changes as needed, then try
	// the operation again using the new token.
	UpdateToken *string

	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type AuthResolverParameters added in v1.35.2 

type AuthResolverParameters struct {
	// The name of the operation being invoked.
	Operation string

	// The region in which the operation is being invoked.
	Region string
}

AuthResolverParameters contains the set of inputs necessary for auth scheme resolution.

type AuthSchemeResolver added in v1.35.2 

type AuthSchemeResolver interface {
	ResolveAuthSchemes(context.Context, *AuthResolverParameters) ([]*smithyauth.Option, error)
}

AuthSchemeResolver returns a set of possible authentication options for an operation.

type Client 

type Client struct {
	// contains filtered or unexported fields
}

Client provides the API client to make operations call for AWS Network Firewall.

func New 

func New(options Options, optFns ...func(*Options)) *Client

New returns an initialized Client based on the functional options. Provide additional functional options to further configure the behavior of the client, such as changing the client's endpoint or adding custom middleware behavior.

func NewFromConfig 

func NewFromConfig(cfg aws.Config, optFns ...func(*Options)) *Client

NewFromConfig returns a new client from the provided config.

func (*Client) AssociateFirewallPolicy 

func (c *Client) AssociateFirewallPolicy(ctx context.Context, params *AssociateFirewallPolicyInput, optFns ...func(*Options)) (*AssociateFirewallPolicyOutput, error)

Associates a FirewallPolicy to a Firewall . A firewall policy defines how to monitor and manage your VPC network traffic, using a collection of inspection rule groups and other settings. Each firewall requires one firewall policy association, and you can use the same firewall policy for multiple firewalls.

func (*Client) AssociateSubnets 

func (c *Client) AssociateSubnets(ctx context.Context, params *AssociateSubnetsInput, optFns ...func(*Options)) (*AssociateSubnetsOutput, error)

Associates the specified subnets in the Amazon VPC to the firewall. You can specify one subnet for each of the Availability Zones that the VPC spans. This request creates an Network Firewall firewall endpoint in each of the subnets. To enable the firewall's protections, you must also modify the VPC's route tables for each subnet's Availability Zone, to redirect the traffic that's coming into and going out of the zone through the firewall endpoint.

func (*Client) CreateFirewall 

func (c *Client) CreateFirewall(ctx context.Context, params *CreateFirewallInput, optFns ...func(*Options)) (*CreateFirewallOutput, error)

Creates an Network Firewall Firewall and accompanying FirewallStatus for a VPC. The firewall defines the configuration settings for an Network Firewall firewall. The settings that you can define at creation include the firewall policy, the subnets in your VPC to use for the firewall endpoints, and any tags that are attached to the firewall Amazon Web Services resource. After you create a firewall, you can provide additional settings, like the logging configuration. To update the settings for a firewall, you use the operations that apply to the settings themselves, for example UpdateLoggingConfiguration , AssociateSubnets , and UpdateFirewallDeleteProtection . To manage a firewall's tags, use the standard Amazon Web Services resource tagging operations, ListTagsForResource , TagResource , and UntagResource . To retrieve information about firewalls, use ListFirewalls and DescribeFirewall .

func (*Client) CreateFirewallPolicy 

func (c *Client) CreateFirewallPolicy(ctx context.Context, params *CreateFirewallPolicyInput, optFns ...func(*Options)) (*CreateFirewallPolicyOutput, error)

Creates the firewall policy for the firewall according to the specifications. An Network Firewall firewall policy defines the behavior of a firewall, in a collection of stateless and stateful rule groups and other settings. You can use one firewall policy for multiple firewalls.

func (*Client) CreateRuleGroup 

func (c *Client) CreateRuleGroup(ctx context.Context, params *CreateRuleGroupInput, optFns ...func(*Options)) (*CreateRuleGroupOutput, error)

Creates the specified stateless or stateful rule group, which includes the rules for network traffic inspection, a capacity setting, and tags. You provide your rule group specification in your request using either RuleGroup or Rules .

func (*Client) CreateTLSInspectionConfiguration added in v1.25.0 

func (c *Client) CreateTLSInspectionConfiguration(ctx context.Context, params *CreateTLSInspectionConfigurationInput, optFns ...func(*Options)) (*CreateTLSInspectionConfigurationOutput, error)

Creates an Network Firewall TLS inspection configuration. A TLS inspection configuration contains Certificate Manager certificate associations between and the scope configurations that Network Firewall uses to decrypt and re-encrypt traffic traveling through your firewall. After you create a TLS inspection configuration, you can associate it with a new firewall policy. To update the settings for a TLS inspection configuration, use UpdateTLSInspectionConfiguration . To manage a TLS inspection configuration's tags, use the standard Amazon Web Services resource tagging operations, ListTagsForResource , TagResource , and UntagResource . To retrieve information about TLS inspection configurations, use ListTLSInspectionConfigurations and DescribeTLSInspectionConfiguration . For more information about TLS inspection configurations, see Inspecting SSL/TLS traffic with TLS inspection configurations (https://docs.aws.amazon.com/network-firewall/latest/developerguide/tls-inspection.html) in the Network Firewall Developer Guide.

func (*Client) DeleteFirewall 

func (c *Client) DeleteFirewall(ctx context.Context, params *DeleteFirewallInput, optFns ...func(*Options)) (*DeleteFirewallOutput, error)

Deletes the specified Firewall and its FirewallStatus . This operation requires the firewall's DeleteProtection flag to be FALSE . You can't revert this operation. You can check whether a firewall is in use by reviewing the route tables for the Availability Zones where you have firewall subnet mappings. Retrieve the subnet mappings by calling DescribeFirewall . You define and update the route tables through Amazon VPC. As needed, update the route tables for the zones to remove the firewall endpoints. When the route tables no longer use the firewall endpoints, you can remove the firewall safely. To delete a firewall, remove the delete protection if you need to using UpdateFirewallDeleteProtection , then delete the firewall by calling DeleteFirewall .

func (*Client) DeleteFirewallPolicy 

func (c *Client) DeleteFirewallPolicy(ctx context.Context, params *DeleteFirewallPolicyInput, optFns ...func(*Options)) (*DeleteFirewallPolicyOutput, error)

Deletes the specified FirewallPolicy .

func (*Client) DeleteResourcePolicy 

func (c *Client) DeleteResourcePolicy(ctx context.Context, params *DeleteResourcePolicyInput, optFns ...func(*Options)) (*DeleteResourcePolicyOutput, error)

Deletes a resource policy that you created in a PutResourcePolicy request.

func (*Client) DeleteRuleGroup 

func (c *Client) DeleteRuleGroup(ctx context.Context, params *DeleteRuleGroupInput, optFns ...func(*Options)) (*DeleteRuleGroupOutput, error)

Deletes the specified RuleGroup .

func (*Client) DeleteTLSInspectionConfiguration added in v1.25.0 

func (c *Client) DeleteTLSInspectionConfiguration(ctx context.Context, params *DeleteTLSInspectionConfigurationInput, optFns ...func(*Options)) (*DeleteTLSInspectionConfigurationOutput, error)

Deletes the specified TLSInspectionConfiguration .

func (*Client) DescribeFirewall 

func (c *Client) DescribeFirewall(ctx context.Context, params *DescribeFirewallInput, optFns ...func(*Options)) (*DescribeFirewallOutput, error)

Returns the data objects for the specified firewall.

func (*Client) DescribeFirewallPolicy 

func (c *Client) DescribeFirewallPolicy(ctx context.Context, params *DescribeFirewallPolicyInput, optFns ...func(*Options)) (*DescribeFirewallPolicyOutput, error)

Returns the data objects for the specified firewall policy.

func (*Client) DescribeLoggingConfiguration 

func (c *Client) DescribeLoggingConfiguration(ctx context.Context, params *DescribeLoggingConfigurationInput, optFns ...func(*Options)) (*DescribeLoggingConfigurationOutput, error)

Returns the logging configuration for the specified firewall.

func (*Client) DescribeResourcePolicy 

func (c *Client) DescribeResourcePolicy(ctx context.Context, params *DescribeResourcePolicyInput, optFns ...func(*Options)) (*DescribeResourcePolicyOutput, error)

Retrieves a resource policy that you created in a PutResourcePolicy request.

func (*Client) DescribeRuleGroup 

func (c *Client) DescribeRuleGroup(ctx context.Context, params *DescribeRuleGroupInput, optFns ...func(*Options)) (*DescribeRuleGroupOutput, error)

Returns the data objects for the specified rule group.

func (*Client) DescribeRuleGroupMetadata added in v1.11.0 

func (c *Client) DescribeRuleGroupMetadata(ctx context.Context, params *DescribeRuleGroupMetadataInput, optFns ...func(*Options)) (*DescribeRuleGroupMetadataOutput, error)

High-level information about a rule group, returned by operations like create and describe. You can use the information provided in the metadata to retrieve and manage a rule group. You can retrieve all objects for a rule group by calling DescribeRuleGroup .

func (*Client) DescribeTLSInspectionConfiguration added in v1.25.0 

func (c *Client) DescribeTLSInspectionConfiguration(ctx context.Context, params *DescribeTLSInspectionConfigurationInput, optFns ...func(*Options)) (*DescribeTLSInspectionConfigurationOutput, error)

Returns the data objects for the specified TLS inspection configuration.

func (*Client) DisassociateSubnets 

func (c *Client) DisassociateSubnets(ctx context.Context, params *DisassociateSubnetsInput, optFns ...func(*Options)) (*DisassociateSubnetsOutput, error)

Removes the specified subnet associations from the firewall. This removes the firewall endpoints from the subnets and removes any network filtering protections that the endpoints were providing.

func (*Client) ListFirewallPolicies 

func (c *Client) ListFirewallPolicies(ctx context.Context, params *ListFirewallPoliciesInput, optFns ...func(*Options)) (*ListFirewallPoliciesOutput, error)

Retrieves the metadata for the firewall policies that you have defined. Depending on your setting for max results and the number of firewall policies, a single call might not return the full list.

func (*Client) ListFirewalls 

func (c *Client) ListFirewalls(ctx context.Context, params *ListFirewallsInput, optFns ...func(*Options)) (*ListFirewallsOutput, error)

Retrieves the metadata for the firewalls that you have defined. If you provide VPC identifiers in your request, this returns only the firewalls for those VPCs. Depending on your setting for max results and the number of firewalls, a single call might not return the full list.

func (*Client) ListRuleGroups 

func (c *Client) ListRuleGroups(ctx context.Context, params *ListRuleGroupsInput, optFns ...func(*Options)) (*ListRuleGroupsOutput, error)

Retrieves the metadata for the rule groups that you have defined. Depending on your setting for max results and the number of rule groups, a single call might not return the full list.

func (*Client) ListTLSInspectionConfigurations added in v1.25.0 

func (c *Client) ListTLSInspectionConfigurations(ctx context.Context, params *ListTLSInspectionConfigurationsInput, optFns ...func(*Options)) (*ListTLSInspectionConfigurationsOutput, error)

Retrieves the metadata for the TLS inspection configurations that you have defined. Depending on your setting for max results and the number of TLS inspection configurations, a single call might not return the full list.

func (*Client) ListTagsForResource 

func (c *Client) ListTagsForResource(ctx context.Context, params *ListTagsForResourceInput, optFns ...func(*Options)) (*ListTagsForResourceOutput, error)

Retrieves the tags associated with the specified resource. Tags are key:value pairs that you can use to categorize and manage your resources, for purposes like billing. For example, you might set the tag key to "customer" and the value to the customer name or ID. You can specify one or more tags to add to each Amazon Web Services resource, up to 50 tags for a resource. You can tag the Amazon Web Services resources that you manage through Network Firewall: firewalls, firewall policies, and rule groups.

func (*Client) Options added in v1.36.0 

func (c *Client) Options() Options

Options returns a copy of the client configuration.

Callers SHOULD NOT perform mutations on any inner structures within client config. Config overrides should instead be made on a per-operation basis through functional options.

func (*Client) PutResourcePolicy 

func (c *Client) PutResourcePolicy(ctx context.Context, params *PutResourcePolicyInput, optFns ...func(*Options)) (*PutResourcePolicyOutput, error)

Creates or updates an IAM policy for your rule group or firewall policy. Use this to share rule groups and firewall policies between accounts. This operation works in conjunction with the Amazon Web Services Resource Access Manager (RAM) service to manage resource sharing for Network Firewall. Use this operation to create or update a resource policy for your rule group or firewall policy. In the policy, you specify the accounts that you want to share the resource with and the operations that you want the accounts to be able to perform. When you add an account in the resource policy, you then run the following Resource Access Manager (RAM) operations to access and accept the shared rule group or firewall policy.

For additional information about resource sharing using RAM, see Resource Access Manager User Guide (https://docs.aws.amazon.com/ram/latest/userguide/what-is.html) .

func (*Client) TagResource 

func (c *Client) TagResource(ctx context.Context, params *TagResourceInput, optFns ...func(*Options)) (*TagResourceOutput, error)

Adds the specified tags to the specified resource. Tags are key:value pairs that you can use to categorize and manage your resources, for purposes like billing. For example, you might set the tag key to "customer" and the value to the customer name or ID. You can specify one or more tags to add to each Amazon Web Services resource, up to 50 tags for a resource. You can tag the Amazon Web Services resources that you manage through Network Firewall: firewalls, firewall policies, and rule groups.

func (*Client) UntagResource 

func (c *Client) UntagResource(ctx context.Context, params *UntagResourceInput, optFns ...func(*Options)) (*UntagResourceOutput, error)

Removes the tags with the specified keys from the specified resource. Tags are key:value pairs that you can use to categorize and manage your resources, for purposes like billing. For example, you might set the tag key to "customer" and the value to the customer name or ID. You can specify one or more tags to add to each Amazon Web Services resource, up to 50 tags for a resource. You can manage tags for the Amazon Web Services resources that you manage through Network Firewall: firewalls, firewall policies, and rule groups.

func (*Client) UpdateFirewallDeleteProtection 

func (c *Client) UpdateFirewallDeleteProtection(ctx context.Context, params *UpdateFirewallDeleteProtectionInput, optFns ...func(*Options)) (*UpdateFirewallDeleteProtectionOutput, error)

Modifies the flag, DeleteProtection , which indicates whether it is possible to delete the firewall. If the flag is set to TRUE , the firewall is protected against deletion. This setting helps protect against accidentally deleting a firewall that's in use.

func (*Client) UpdateFirewallDescription 

func (c *Client) UpdateFirewallDescription(ctx context.Context, params *UpdateFirewallDescriptionInput, optFns ...func(*Options)) (*UpdateFirewallDescriptionOutput, error)

Modifies the description for the specified firewall. Use the description to help you identify the firewall when you're working with it.

func (*Client) UpdateFirewallEncryptionConfiguration added in v1.16.0 

func (c *Client) UpdateFirewallEncryptionConfiguration(ctx context.Context, params *UpdateFirewallEncryptionConfigurationInput, optFns ...func(*Options)) (*UpdateFirewallEncryptionConfigurationOutput, error)

A complex type that contains settings for encryption of your firewall resources.

func (*Client) UpdateFirewallPolicy 

func (c *Client) UpdateFirewallPolicy(ctx context.Context, params *UpdateFirewallPolicyInput, optFns ...func(*Options)) (*UpdateFirewallPolicyOutput, error)

Updates the properties of the specified firewall policy.

func (*Client) UpdateFirewallPolicyChangeProtection 

func (c *Client) UpdateFirewallPolicyChangeProtection(ctx context.Context, params *UpdateFirewallPolicyChangeProtectionInput, optFns ...func(*Options)) (*UpdateFirewallPolicyChangeProtectionOutput, error)

Modifies the flag, ChangeProtection , which indicates whether it is possible to change the firewall. If the flag is set to TRUE , the firewall is protected from changes. This setting helps protect against accidentally changing a firewall that's in use.

func (*Client) UpdateLoggingConfiguration 

func (c *Client) UpdateLoggingConfiguration(ctx context.Context, params *UpdateLoggingConfigurationInput, optFns ...func(*Options)) (*UpdateLoggingConfigurationOutput, error)

Sets the logging configuration for the specified firewall. To change the logging configuration, retrieve the LoggingConfiguration by calling DescribeLoggingConfiguration , then change it and provide the modified object to this update call. You must change the logging configuration one LogDestinationConfig at a time inside the retrieved LoggingConfiguration object. You can perform only one of the following actions in any call to UpdateLoggingConfiguration :

  • Create a new log destination object by adding a single LogDestinationConfig array element to LogDestinationConfigs .
  • Delete a log destination object by removing a single LogDestinationConfig array element from LogDestinationConfigs .
  • Change the LogDestination setting in a single LogDestinationConfig array element.

You can't change the LogDestinationType or LogType in a LogDestinationConfig . To change these settings, delete the existing LogDestinationConfig object and create a new one, using two separate calls to this update operation.

func (*Client) UpdateRuleGroup 

func (c *Client) UpdateRuleGroup(ctx context.Context, params *UpdateRuleGroupInput, optFns ...func(*Options)) (*UpdateRuleGroupOutput, error)

Updates the rule settings for the specified rule group. You use a rule group by reference in one or more firewall policies. When you modify a rule group, you modify all firewall policies that use the rule group. To update a rule group, first call DescribeRuleGroup to retrieve the current RuleGroup object, update the object as needed, and then provide the updated object to this call.

func (*Client) UpdateSubnetChangeProtection 

func (c *Client) UpdateSubnetChangeProtection(ctx context.Context, params *UpdateSubnetChangeProtectionInput, optFns ...func(*Options)) (*UpdateSubnetChangeProtectionOutput, error)

func (*Client) UpdateTLSInspectionConfiguration added in v1.25.0 

func (c *Client) UpdateTLSInspectionConfiguration(ctx context.Context, params *UpdateTLSInspectionConfigurationInput, optFns ...func(*Options)) (*UpdateTLSInspectionConfigurationOutput, error)

Updates the TLS inspection configuration settings for the specified TLS inspection configuration. You use a TLS inspection configuration by referencing it in one or more firewall policies. When you modify a TLS inspection configuration, you modify all firewall policies that use the TLS inspection configuration. To update a TLS inspection configuration, first call DescribeTLSInspectionConfiguration to retrieve the current TLSInspectionConfiguration object, update the object as needed, and then provide the updated object to this call.

type CreateFirewallInput 

type CreateFirewallInput struct {

	// The descriptive name of the firewall. You can't change the name of a firewall
	// after you create it.
	//
	// This member is required.
	FirewallName *string

	// The Amazon Resource Name (ARN) of the FirewallPolicy that you want to use for
	// the firewall.
	//
	// This member is required.
	FirewallPolicyArn *string

	// The public subnets to use for your Network Firewall firewalls. Each subnet must
	// belong to a different Availability Zone in the VPC. Network Firewall creates a
	// firewall endpoint in each subnet.
	//
	// This member is required.
	SubnetMappings []types.SubnetMapping

	// The unique identifier of the VPC where Network Firewall should create the
	// firewall. You can't change this setting after you create the firewall.
	//
	// This member is required.
	VpcId *string

	// A flag indicating whether it is possible to delete the firewall. A setting of
	// TRUE indicates that the firewall is protected against deletion. Use this setting
	// to protect against accidentally deleting a firewall that is in use. When you
	// create a firewall, the operation initializes this flag to TRUE .
	DeleteProtection bool

	// A description of the firewall.
	Description *string

	// A complex type that contains settings for encryption of your firewall resources.
	EncryptionConfiguration *types.EncryptionConfiguration

	// A setting indicating whether the firewall is protected against a change to the
	// firewall policy association. Use this setting to protect against accidentally
	// modifying the firewall policy for a firewall that is in use. When you create a
	// firewall, the operation initializes this setting to TRUE .
	FirewallPolicyChangeProtection bool

	// A setting indicating whether the firewall is protected against changes to the
	// subnet associations. Use this setting to protect against accidentally modifying
	// the subnet associations for a firewall that is in use. When you create a
	// firewall, the operation initializes this setting to TRUE .
	SubnetChangeProtection bool

	// The key:value pairs to associate with the resource.
	Tags []types.Tag
	// contains filtered or unexported fields
}

type CreateFirewallOutput 

type CreateFirewallOutput struct {

	// The configuration settings for the firewall. These settings include the
	// firewall policy and the subnets in your VPC to use for the firewall endpoints.
	Firewall *types.Firewall

	// Detailed information about the current status of a Firewall . You can retrieve
	// this for a firewall by calling DescribeFirewall and providing the firewall name
	// and ARN.
	FirewallStatus *types.FirewallStatus

	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type CreateFirewallPolicyInput 

type CreateFirewallPolicyInput struct {

	// The rule groups and policy actions to use in the firewall policy.
	//
	// This member is required.
	FirewallPolicy *types.FirewallPolicy

	// The descriptive name of the firewall policy. You can't change the name of a
	// firewall policy after you create it.
	//
	// This member is required.
	FirewallPolicyName *string

	// A description of the firewall policy.
	Description *string

	// Indicates whether you want Network Firewall to just check the validity of the
	// request, rather than run the request. If set to TRUE , Network Firewall checks
	// whether the request can run successfully, but doesn't actually make the
	// requested changes. The call returns the value that the request would return if
	// you ran it with dry run set to FALSE , but doesn't make additions or changes to
	// your resources. This option allows you to make sure that you have the required
	// permissions to run the request and that your request parameters are valid. If
	// set to FALSE , Network Firewall makes the requested changes to your resources.
	DryRun bool

	// A complex type that contains settings for encryption of your firewall policy
	// resources.
	EncryptionConfiguration *types.EncryptionConfiguration

	// The key:value pairs to associate with the resource.
	Tags []types.Tag
	// contains filtered or unexported fields
}

type CreateFirewallPolicyOutput 

type CreateFirewallPolicyOutput struct {

	// The high-level properties of a firewall policy. This, along with the
	// FirewallPolicy , define the policy. You can retrieve all objects for a firewall
	// policy by calling DescribeFirewallPolicy .
	//
	// This member is required.
	FirewallPolicyResponse *types.FirewallPolicyResponse

	// A token used for optimistic locking. Network Firewall returns a token to your
	// requests that access the firewall policy. The token marks the state of the
	// policy resource at the time of the request. To make changes to the policy, you
	// provide the token in your request. Network Firewall uses the token to ensure
	// that the policy hasn't changed since you last retrieved it. If it has changed,
	// the operation fails with an InvalidTokenException . If this happens, retrieve
	// the firewall policy again to get a current copy of it with current token.
	// Reapply your changes as needed, then try the operation again using the new
	// token.
	//
	// This member is required.
	UpdateToken *string

	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type CreateRuleGroupInput 

type CreateRuleGroupInput struct {

	// The maximum operating resources that this rule group can use. Rule group
	// capacity is fixed at creation. When you update a rule group, you are limited to
	// this capacity. When you reference a rule group from a firewall policy, Network
	// Firewall reserves this capacity for the rule group. You can retrieve the
	// capacity that would be required for a rule group before you create the rule
	// group by calling CreateRuleGroup with DryRun set to TRUE . You can't change or
	// exceed this capacity when you update the rule group, so leave room for your rule
	// group to grow. Capacity for a stateless rule group For a stateless rule group,
	// the capacity required is the sum of the capacity requirements of the individual
	// rules that you expect to have in the rule group. To calculate the capacity
	// requirement of a single rule, multiply the capacity requirement values of each
	// of the rule's match settings:
	//   - A match setting with no criteria specified has a value of 1.
	//   - A match setting with Any specified has a value of 1.
	//   - All other match settings have a value equal to the number of elements
	//   provided in the setting. For example, a protocol setting ["UDP"] and a source
	//   setting ["10.0.0.0/24"] each have a value of 1. A protocol setting ["UDP","TCP"]
	//   has a value of 2. A source setting ["10.0.0.0/24","10.0.0.1/24","10.0.0.2/24"]
	//   has a value of 3.
	// A rule with no criteria specified in any of its match settings has a capacity
	// requirement of 1. A rule with protocol setting ["UDP","TCP"], source setting
	// ["10.0.0.0/24","10.0.0.1/24","10.0.0.2/24"], and a single specification or no
	// specification for each of the other match settings has a capacity requirement of
	// 6. Capacity for a stateful rule group For a stateful rule group, the minimum
	// capacity required is the number of individual rules that you expect to have in
	// the rule group.
	//
	// This member is required.
	Capacity *int32

	// The descriptive name of the rule group. You can't change the name of a rule
	// group after you create it.
	//
	// This member is required.
	RuleGroupName *string

	// Indicates whether the rule group is stateless or stateful. If the rule group is
	// stateless, it contains stateless rules. If it is stateful, it contains stateful
	// rules.
	//
	// This member is required.
	Type types.RuleGroupType

	// Indicates whether you want Network Firewall to analyze the stateless rules in
	// the rule group for rule behavior such as asymmetric routing. If set to TRUE ,
	// Network Firewall runs the analysis and then creates the rule group for you. To
	// run the stateless rule group analyzer without creating the rule group, set
	// DryRun to TRUE .
	AnalyzeRuleGroup bool

	// A description of the rule group.
	Description *string

	// Indicates whether you want Network Firewall to just check the validity of the
	// request, rather than run the request. If set to TRUE , Network Firewall checks
	// whether the request can run successfully, but doesn't actually make the
	// requested changes. The call returns the value that the request would return if
	// you ran it with dry run set to FALSE , but doesn't make additions or changes to
	// your resources. This option allows you to make sure that you have the required
	// permissions to run the request and that your request parameters are valid. If
	// set to FALSE , Network Firewall makes the requested changes to your resources.
	DryRun bool

	// A complex type that contains settings for encryption of your rule group
	// resources.
	EncryptionConfiguration *types.EncryptionConfiguration

	// An object that defines the rule group rules. You must provide either this rule
	// group setting or a Rules setting, but not both.
	RuleGroup *types.RuleGroup

	// A string containing stateful rule group rules specifications in Suricata flat
	// format, with one rule per line. Use this to import your existing Suricata
	// compatible rule groups. You must provide either this rules setting or a
	// populated RuleGroup setting, but not both. You can provide your rule group
	// specification in Suricata flat format through this setting when you create or
	// update your rule group. The call response returns a RuleGroup object that
	// Network Firewall has populated from your string.
	Rules *string

	// A complex type that contains metadata about the rule group that your own rule
	// group is copied from. You can use the metadata to keep track of updates made to
	// the originating rule group.
	SourceMetadata *types.SourceMetadata

	// The key:value pairs to associate with the resource.
	Tags []types.Tag
	// contains filtered or unexported fields
}

type CreateRuleGroupOutput 

type CreateRuleGroupOutput struct {

	// The high-level properties of a rule group. This, along with the RuleGroup ,
	// define the rule group. You can retrieve all objects for a rule group by calling
	// DescribeRuleGroup .
	//
	// This member is required.
	RuleGroupResponse *types.RuleGroupResponse

	// A token used for optimistic locking. Network Firewall returns a token to your
	// requests that access the rule group. The token marks the state of the rule group
	// resource at the time of the request. To make changes to the rule group, you
	// provide the token in your request. Network Firewall uses the token to ensure
	// that the rule group hasn't changed since you last retrieved it. If it has
	// changed, the operation fails with an InvalidTokenException . If this happens,
	// retrieve the rule group again to get a current copy of it with a current token.
	// Reapply your changes as needed, then try the operation again using the new
	// token.
	//
	// This member is required.
	UpdateToken *string

	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type CreateTLSInspectionConfigurationInput added in v1.25.0 

type CreateTLSInspectionConfigurationInput struct {

	// The object that defines a TLS inspection configuration. This, along with
	// TLSInspectionConfigurationResponse , define the TLS inspection configuration.
	// You can retrieve all objects for a TLS inspection configuration by calling
	// DescribeTLSInspectionConfiguration . Network Firewall uses a TLS inspection
	// configuration to decrypt traffic. Network Firewall re-encrypts the traffic
	// before sending it to its destination. To use a TLS inspection configuration, you
	// add it to a new Network Firewall firewall policy, then you apply the firewall
	// policy to a firewall. Network Firewall acts as a proxy service to decrypt and
	// inspect the traffic traveling through your firewalls. You can reference a TLS
	// inspection configuration from more than one firewall policy, and you can use a
	// firewall policy in more than one firewall. For more information about using TLS
	// inspection configurations, see Inspecting SSL/TLS traffic with TLS inspection
	// configurations (https://docs.aws.amazon.com/network-firewall/latest/developerguide/tls-inspection.html)
	// in the Network Firewall Developer Guide.
	//
	// This member is required.
	TLSInspectionConfiguration *types.TLSInspectionConfiguration

	// The descriptive name of the TLS inspection configuration. You can't change the
	// name of a TLS inspection configuration after you create it.
	//
	// This member is required.
	TLSInspectionConfigurationName *string

	// A description of the TLS inspection configuration.
	Description *string

	// A complex type that contains optional Amazon Web Services Key Management
	// Service (KMS) encryption settings for your Network Firewall resources. Your data
	// is encrypted by default with an Amazon Web Services owned key that Amazon Web
	// Services owns and manages for you. You can use either the Amazon Web Services
	// owned key, or provide your own customer managed key. To learn more about KMS
	// encryption of your Network Firewall resources, see Encryption at rest with
	// Amazon Web Services Key Managment Service (https://docs.aws.amazon.com/kms/latest/developerguide/kms-encryption-at-rest.html)
	// in the Network Firewall Developer Guide.
	EncryptionConfiguration *types.EncryptionConfiguration

	// The key:value pairs to associate with the resource.
	Tags []types.Tag
	// contains filtered or unexported fields
}

type CreateTLSInspectionConfigurationOutput added in v1.25.0 

type CreateTLSInspectionConfigurationOutput struct {

	// The high-level properties of a TLS inspection configuration. This, along with
	// the TLSInspectionConfiguration , define the TLS inspection configuration. You
	// can retrieve all objects for a TLS inspection configuration by calling
	// DescribeTLSInspectionConfiguration .
	//
	// This member is required.
	TLSInspectionConfigurationResponse *types.TLSInspectionConfigurationResponse

	// A token used for optimistic locking. Network Firewall returns a token to your
	// requests that access the TLS inspection configuration. The token marks the state
	// of the TLS inspection configuration resource at the time of the request. To make
	// changes to the TLS inspection configuration, you provide the token in your
	// request. Network Firewall uses the token to ensure that the TLS inspection
	// configuration hasn't changed since you last retrieved it. If it has changed, the
	// operation fails with an InvalidTokenException . If this happens, retrieve the
	// TLS inspection configuration again to get a current copy of it with a current
	// token. Reapply your changes as needed, then try the operation again using the
	// new token.
	//
	// This member is required.
	UpdateToken *string

	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type DeleteFirewallInput 

type DeleteFirewallInput struct {

	// The Amazon Resource Name (ARN) of the firewall. You must specify the ARN or the
	// name, and you can specify both.
	FirewallArn *string

	// The descriptive name of the firewall. You can't change the name of a firewall
	// after you create it. You must specify the ARN or the name, and you can specify
	// both.
	FirewallName *string
	// contains filtered or unexported fields
}

type DeleteFirewallOutput 

type DeleteFirewallOutput struct {

	// The firewall defines the configuration settings for an Network Firewall
	// firewall. These settings include the firewall policy, the subnets in your VPC to
	// use for the firewall endpoints, and any tags that are attached to the firewall
	// Amazon Web Services resource. The status of the firewall, for example whether
	// it's ready to filter network traffic, is provided in the corresponding
	// FirewallStatus . You can retrieve both objects by calling DescribeFirewall .
	Firewall *types.Firewall

	// Detailed information about the current status of a Firewall . You can retrieve
	// this for a firewall by calling DescribeFirewall and providing the firewall name
	// and ARN.
	FirewallStatus *types.FirewallStatus

	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type DeleteFirewallPolicyInput 

type DeleteFirewallPolicyInput struct {

	// The Amazon Resource Name (ARN) of the firewall policy. You must specify the ARN
	// or the name, and you can specify both.
	FirewallPolicyArn *string

	// The descriptive name of the firewall policy. You can't change the name of a
	// firewall policy after you create it. You must specify the ARN or the name, and
	// you can specify both.
	FirewallPolicyName *string
	// contains filtered or unexported fields
}

type DeleteFirewallPolicyOutput 

type DeleteFirewallPolicyOutput struct {

	// The object containing the definition of the FirewallPolicyResponse that you
	// asked to delete.
	//
	// This member is required.
	FirewallPolicyResponse *types.FirewallPolicyResponse

	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type DeleteResourcePolicyInput 

type DeleteResourcePolicyInput struct {

	// The Amazon Resource Name (ARN) of the rule group or firewall policy whose
	// resource policy you want to delete.
	//
	// This member is required.
	ResourceArn *string
	// contains filtered or unexported fields
}

type DeleteResourcePolicyOutput 

type DeleteResourcePolicyOutput struct {
	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type DeleteRuleGroupInput 

type DeleteRuleGroupInput struct {

	// The Amazon Resource Name (ARN) of the rule group. You must specify the ARN or
	// the name, and you can specify both.
	RuleGroupArn *string

	// The descriptive name of the rule group. You can't change the name of a rule
	// group after you create it. You must specify the ARN or the name, and you can
	// specify both.
	RuleGroupName *string

	// Indicates whether the rule group is stateless or stateful. If the rule group is
	// stateless, it contains stateless rules. If it is stateful, it contains stateful
	// rules. This setting is required for requests that do not include the
	// RuleGroupARN .
	Type types.RuleGroupType
	// contains filtered or unexported fields
}

type DeleteRuleGroupOutput 

type DeleteRuleGroupOutput struct {

	// The high-level properties of a rule group. This, along with the RuleGroup ,
	// define the rule group. You can retrieve all objects for a rule group by calling
	// DescribeRuleGroup .
	//
	// This member is required.
	RuleGroupResponse *types.RuleGroupResponse

	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type DeleteTLSInspectionConfigurationInput added in v1.25.0 

type DeleteTLSInspectionConfigurationInput struct {

	// The Amazon Resource Name (ARN) of the TLS inspection configuration. You must
	// specify the ARN or the name, and you can specify both.
	TLSInspectionConfigurationArn *string

	// The descriptive name of the TLS inspection configuration. You can't change the
	// name of a TLS inspection configuration after you create it. You must specify the
	// ARN or the name, and you can specify both.
	TLSInspectionConfigurationName *string
	// contains filtered or unexported fields
}

type DeleteTLSInspectionConfigurationOutput added in v1.25.0 

type DeleteTLSInspectionConfigurationOutput struct {

	// The high-level properties of a TLS inspection configuration. This, along with
	// the TLSInspectionConfiguration , define the TLS inspection configuration. You
	// can retrieve all objects for a TLS inspection configuration by calling
	// DescribeTLSInspectionConfiguration .
	//
	// This member is required.
	TLSInspectionConfigurationResponse *types.TLSInspectionConfigurationResponse

	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type DescribeFirewallInput 

type DescribeFirewallInput struct {

	// The Amazon Resource Name (ARN) of the firewall. You must specify the ARN or the
	// name, and you can specify both.
	FirewallArn *string

	// The descriptive name of the firewall. You can't change the name of a firewall
	// after you create it. You must specify the ARN or the name, and you can specify
	// both.
	FirewallName *string
	// contains filtered or unexported fields
}

type DescribeFirewallOutput 

type DescribeFirewallOutput struct {

	// The configuration settings for the firewall. These settings include the
	// firewall policy and the subnets in your VPC to use for the firewall endpoints.
	Firewall *types.Firewall

	// Detailed information about the current status of a Firewall . You can retrieve
	// this for a firewall by calling DescribeFirewall and providing the firewall name
	// and ARN.
	FirewallStatus *types.FirewallStatus

	// An optional token that you can use for optimistic locking. Network Firewall
	// returns a token to your requests that access the firewall. The token marks the
	// state of the firewall resource at the time of the request. To make an
	// unconditional change to the firewall, omit the token in your update request.
	// Without the token, Network Firewall performs your updates regardless of whether
	// the firewall has changed since you last retrieved it. To make a conditional
	// change to the firewall, provide the token in your update request. Network
	// Firewall uses the token to ensure that the firewall hasn't changed since you
	// last retrieved it. If it has changed, the operation fails with an
	// InvalidTokenException . If this happens, retrieve the firewall again to get a
	// current copy of it with a new token. Reapply your changes as needed, then try
	// the operation again using the new token.
	UpdateToken *string

	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type DescribeFirewallPolicyInput 

type DescribeFirewallPolicyInput struct {

	// The Amazon Resource Name (ARN) of the firewall policy. You must specify the ARN
	// or the name, and you can specify both.
	FirewallPolicyArn *string

	// The descriptive name of the firewall policy. You can't change the name of a
	// firewall policy after you create it. You must specify the ARN or the name, and
	// you can specify both.
	FirewallPolicyName *string
	// contains filtered or unexported fields
}

type DescribeFirewallPolicyOutput 

type DescribeFirewallPolicyOutput struct {

	// The high-level properties of a firewall policy. This, along with the
	// FirewallPolicy , define the policy. You can retrieve all objects for a firewall
	// policy by calling DescribeFirewallPolicy .
	//
	// This member is required.
	FirewallPolicyResponse *types.FirewallPolicyResponse

	// A token used for optimistic locking. Network Firewall returns a token to your
	// requests that access the firewall policy. The token marks the state of the
	// policy resource at the time of the request. To make changes to the policy, you
	// provide the token in your request. Network Firewall uses the token to ensure
	// that the policy hasn't changed since you last retrieved it. If it has changed,
	// the operation fails with an InvalidTokenException . If this happens, retrieve
	// the firewall policy again to get a current copy of it with current token.
	// Reapply your changes as needed, then try the operation again using the new
	// token.
	//
	// This member is required.
	UpdateToken *string

	// The policy for the specified firewall policy.
	FirewallPolicy *types.FirewallPolicy

	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type DescribeLoggingConfigurationInput 

type DescribeLoggingConfigurationInput struct {

	// The Amazon Resource Name (ARN) of the firewall. You must specify the ARN or the
	// name, and you can specify both.
	FirewallArn *string

	// The descriptive name of the firewall. You can't change the name of a firewall
	// after you create it. You must specify the ARN or the name, and you can specify
	// both.
	FirewallName *string
	// contains filtered or unexported fields
}

type DescribeLoggingConfigurationOutput 

type DescribeLoggingConfigurationOutput struct {

	// The Amazon Resource Name (ARN) of the firewall.
	FirewallArn *string

	// Defines how Network Firewall performs logging for a Firewall .
	LoggingConfiguration *types.LoggingConfiguration

	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type DescribeResourcePolicyInput 

type DescribeResourcePolicyInput struct {

	// The Amazon Resource Name (ARN) of the rule group or firewall policy whose
	// resource policy you want to retrieve.
	//
	// This member is required.
	ResourceArn *string
	// contains filtered or unexported fields
}

type DescribeResourcePolicyOutput 

type DescribeResourcePolicyOutput struct {

	// The IAM policy for the resource.
	Policy *string

	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type DescribeRuleGroupInput 

type DescribeRuleGroupInput struct {

	// Indicates whether you want Network Firewall to analyze the stateless rules in
	// the rule group for rule behavior such as asymmetric routing. If set to TRUE ,
	// Network Firewall runs the analysis.
	AnalyzeRuleGroup bool

	// The Amazon Resource Name (ARN) of the rule group. You must specify the ARN or
	// the name, and you can specify both.
	RuleGroupArn *string

	// The descriptive name of the rule group. You can't change the name of a rule
	// group after you create it. You must specify the ARN or the name, and you can
	// specify both.
	RuleGroupName *string

	// Indicates whether the rule group is stateless or stateful. If the rule group is
	// stateless, it contains stateless rules. If it is stateful, it contains stateful
	// rules. This setting is required for requests that do not include the
	// RuleGroupARN .
	Type types.RuleGroupType
	// contains filtered or unexported fields
}

type DescribeRuleGroupMetadataInput added in v1.11.0 

type DescribeRuleGroupMetadataInput struct {

	// The descriptive name of the rule group. You can't change the name of a rule
	// group after you create it. You must specify the ARN or the name, and you can
	// specify both.
	RuleGroupArn *string

	// The descriptive name of the rule group. You can't change the name of a rule
	// group after you create it. You must specify the ARN or the name, and you can
	// specify both.
	RuleGroupName *string

	// Indicates whether the rule group is stateless or stateful. If the rule group is
	// stateless, it contains stateless rules. If it is stateful, it contains stateful
	// rules. This setting is required for requests that do not include the
	// RuleGroupARN .
	Type types.RuleGroupType
	// contains filtered or unexported fields
}

type DescribeRuleGroupMetadataOutput added in v1.11.0 

type DescribeRuleGroupMetadataOutput struct {

	// The descriptive name of the rule group. You can't change the name of a rule
	// group after you create it. You must specify the ARN or the name, and you can
	// specify both.
	//
	// This member is required.
	RuleGroupArn *string

	// The descriptive name of the rule group. You can't change the name of a rule
	// group after you create it. You must specify the ARN or the name, and you can
	// specify both.
	//
	// This member is required.
	RuleGroupName *string

	// The maximum operating resources that this rule group can use. Rule group
	// capacity is fixed at creation. When you update a rule group, you are limited to
	// this capacity. When you reference a rule group from a firewall policy, Network
	// Firewall reserves this capacity for the rule group. You can retrieve the
	// capacity that would be required for a rule group before you create the rule
	// group by calling CreateRuleGroup with DryRun set to TRUE .
	Capacity *int32

	// Returns the metadata objects for the specified rule group.
	Description *string

	// The last time that the rule group was changed.
	LastModifiedTime *time.Time

	// Additional options governing how Network Firewall handles the rule group. You
	// can only use these for stateful rule groups.
	StatefulRuleOptions *types.StatefulRuleOptions

	// Indicates whether the rule group is stateless or stateful. If the rule group is
	// stateless, it contains stateless rules. If it is stateful, it contains stateful
	// rules. This setting is required for requests that do not include the
	// RuleGroupARN .
	Type types.RuleGroupType

	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type DescribeRuleGroupOutput 

type DescribeRuleGroupOutput struct {

	// The high-level properties of a rule group. This, along with the RuleGroup ,
	// define the rule group. You can retrieve all objects for a rule group by calling
	// DescribeRuleGroup .
	//
	// This member is required.
	RuleGroupResponse *types.RuleGroupResponse

	// A token used for optimistic locking. Network Firewall returns a token to your
	// requests that access the rule group. The token marks the state of the rule group
	// resource at the time of the request. To make changes to the rule group, you
	// provide the token in your request. Network Firewall uses the token to ensure
	// that the rule group hasn't changed since you last retrieved it. If it has
	// changed, the operation fails with an InvalidTokenException . If this happens,
	// retrieve the rule group again to get a current copy of it with a current token.
	// Reapply your changes as needed, then try the operation again using the new
	// token.
	//
	// This member is required.
	UpdateToken *string

	// The object that defines the rules in a rule group. This, along with
	// RuleGroupResponse , define the rule group. You can retrieve all objects for a
	// rule group by calling DescribeRuleGroup . Network Firewall uses a rule group to
	// inspect and control network traffic. You define stateless rule groups to inspect
	// individual packets and you define stateful rule groups to inspect packets in the
	// context of their traffic flow. To use a rule group, you include it by reference
	// in an Network Firewall firewall policy, then you use the policy in a firewall.
	// You can reference a rule group from more than one firewall policy, and you can
	// use a firewall policy in more than one firewall.
	RuleGroup *types.RuleGroup

	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type DescribeTLSInspectionConfigurationInput added in v1.25.0 

type DescribeTLSInspectionConfigurationInput struct {

	// The Amazon Resource Name (ARN) of the TLS inspection configuration. You must
	// specify the ARN or the name, and you can specify both.
	TLSInspectionConfigurationArn *string

	// The descriptive name of the TLS inspection configuration. You can't change the
	// name of a TLS inspection configuration after you create it. You must specify the
	// ARN or the name, and you can specify both.
	TLSInspectionConfigurationName *string
	// contains filtered or unexported fields
}

type DescribeTLSInspectionConfigurationOutput added in v1.25.0 

type DescribeTLSInspectionConfigurationOutput struct {

	// The high-level properties of a TLS inspection configuration. This, along with
	// the TLSInspectionConfiguration , define the TLS inspection configuration. You
	// can retrieve all objects for a TLS inspection configuration by calling
	// DescribeTLSInspectionConfiguration .
	//
	// This member is required.
	TLSInspectionConfigurationResponse *types.TLSInspectionConfigurationResponse

	// A token used for optimistic locking. Network Firewall returns a token to your
	// requests that access the TLS inspection configuration. The token marks the state
	// of the TLS inspection configuration resource at the time of the request. To make
	// changes to the TLS inspection configuration, you provide the token in your
	// request. Network Firewall uses the token to ensure that the TLS inspection
	// configuration hasn't changed since you last retrieved it. If it has changed, the
	// operation fails with an InvalidTokenException . If this happens, retrieve the
	// TLS inspection configuration again to get a current copy of it with a current
	// token. Reapply your changes as needed, then try the operation again using the
	// new token.
	//
	// This member is required.
	UpdateToken *string

	// The object that defines a TLS inspection configuration. This, along with
	// TLSInspectionConfigurationResponse , define the TLS inspection configuration.
	// You can retrieve all objects for a TLS inspection configuration by calling
	// DescribeTLSInspectionConfiguration . Network Firewall uses a TLS inspection
	// configuration to decrypt traffic. Network Firewall re-encrypts the traffic
	// before sending it to its destination. To use a TLS inspection configuration, you
	// add it to a new Network Firewall firewall policy, then you apply the firewall
	// policy to a firewall. Network Firewall acts as a proxy service to decrypt and
	// inspect the traffic traveling through your firewalls. You can reference a TLS
	// inspection configuration from more than one firewall policy, and you can use a
	// firewall policy in more than one firewall. For more information about using TLS
	// inspection configurations, see Inspecting SSL/TLS traffic with TLS inspection
	// configurations (https://docs.aws.amazon.com/network-firewall/latest/developerguide/tls-inspection.html)
	// in the Network Firewall Developer Guide.
	TLSInspectionConfiguration *types.TLSInspectionConfiguration

	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type DisassociateSubnetsInput 

type DisassociateSubnetsInput struct {

	// The unique identifiers for the subnets that you want to disassociate.
	//
	// This member is required.
	SubnetIds []string

	// The Amazon Resource Name (ARN) of the firewall. You must specify the ARN or the
	// name, and you can specify both.
	FirewallArn *string

	// The descriptive name of the firewall. You can't change the name of a firewall
	// after you create it. You must specify the ARN or the name, and you can specify
	// both.
	FirewallName *string

	// An optional token that you can use for optimistic locking. Network Firewall
	// returns a token to your requests that access the firewall. The token marks the
	// state of the firewall resource at the time of the request. To make an
	// unconditional change to the firewall, omit the token in your update request.
	// Without the token, Network Firewall performs your updates regardless of whether
	// the firewall has changed since you last retrieved it. To make a conditional
	// change to the firewall, provide the token in your update request. Network
	// Firewall uses the token to ensure that the firewall hasn't changed since you
	// last retrieved it. If it has changed, the operation fails with an
	// InvalidTokenException . If this happens, retrieve the firewall again to get a
	// current copy of it with a new token. Reapply your changes as needed, then try
	// the operation again using the new token.
	UpdateToken *string
	// contains filtered or unexported fields
}

type DisassociateSubnetsOutput 

type DisassociateSubnetsOutput struct {

	// The Amazon Resource Name (ARN) of the firewall.
	FirewallArn *string

	// The descriptive name of the firewall. You can't change the name of a firewall
	// after you create it.
	FirewallName *string

	// The IDs of the subnets that are associated with the firewall.
	SubnetMappings []types.SubnetMapping

	// An optional token that you can use for optimistic locking. Network Firewall
	// returns a token to your requests that access the firewall. The token marks the
	// state of the firewall resource at the time of the request. To make an
	// unconditional change to the firewall, omit the token in your update request.
	// Without the token, Network Firewall performs your updates regardless of whether
	// the firewall has changed since you last retrieved it. To make a conditional
	// change to the firewall, provide the token in your update request. Network
	// Firewall uses the token to ensure that the firewall hasn't changed since you
	// last retrieved it. If it has changed, the operation fails with an
	// InvalidTokenException . If this happens, retrieve the firewall again to get a
	// current copy of it with a new token. Reapply your changes as needed, then try
	// the operation again using the new token.
	UpdateToken *string

	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type EndpointParameters added in v1.29.0 

type EndpointParameters struct {
	// The AWS region used to dispatch the request.
	//
	// Parameter is
	// required.
	//
	// AWS::Region
	Region *string

	// When true, use the dual-stack endpoint. If the configured endpoint does not
	// support dual-stack, dispatching the request MAY return an error.
	//
	// Defaults to
	// false if no value is provided.
	//
	// AWS::UseDualStack
	UseDualStack *bool

	// When true, send this request to the FIPS-compliant regional endpoint. If the
	// configured endpoint does not have a FIPS compliant endpoint, dispatching the
	// request will return an error.
	//
	// Defaults to false if no value is
	// provided.
	//
	// AWS::UseFIPS
	UseFIPS *bool

	// Override the endpoint used to send this request
	//
	// Parameter is
	// required.
	//
	// SDK::Endpoint
	Endpoint *string
}

EndpointParameters provides the parameters that influence how endpoints are resolved.

func (EndpointParameters) ValidateRequired added in v1.29.0 

func (p EndpointParameters) ValidateRequired() error

ValidateRequired validates required parameters are set.

func (EndpointParameters) WithDefaults added in v1.29.0 

func (p EndpointParameters) WithDefaults() EndpointParameters

WithDefaults returns a shallow copy of EndpointParameterswith default values applied to members where applicable.

type EndpointResolver 

type EndpointResolver interface {
	ResolveEndpoint(region string, options EndpointResolverOptions) (aws.Endpoint, error)
}

EndpointResolver interface for resolving service endpoints.

func EndpointResolverFromURL added in v1.1.0 

func EndpointResolverFromURL(url string, optFns ...func(*aws.Endpoint)) EndpointResolver

EndpointResolverFromURL returns an EndpointResolver configured using the provided endpoint url. By default, the resolved endpoint resolver uses the client region as signing region, and the endpoint source is set to EndpointSourceCustom.You can provide functional options to configure endpoint values for the resolved endpoint.

type EndpointResolverFunc 

type EndpointResolverFunc func(region string, options EndpointResolverOptions) (aws.Endpoint, error)

EndpointResolverFunc is a helper utility that wraps a function so it satisfies the EndpointResolver interface. This is useful when you want to add additional endpoint resolving logic, or stub out specific endpoints with custom values.

func (EndpointResolverFunc) ResolveEndpoint 

func (fn EndpointResolverFunc) ResolveEndpoint(region string, options EndpointResolverOptions) (endpoint aws.Endpoint, err error)

type EndpointResolverOptions 

type EndpointResolverOptions = internalendpoints.Options

EndpointResolverOptions is the service endpoint resolver options

type EndpointResolverV2 added in v1.29.0 

type EndpointResolverV2 interface {
	// ResolveEndpoint attempts to resolve the endpoint with the provided options,
	// returning the endpoint if found. Otherwise an error is returned.
	ResolveEndpoint(ctx context.Context, params EndpointParameters) (
		smithyendpoints.Endpoint, error,
	)
}

EndpointResolverV2 provides the interface for resolving service endpoints.

func NewDefaultEndpointResolverV2 added in v1.29.0 

func NewDefaultEndpointResolverV2() EndpointResolverV2

type HTTPClient 

type HTTPClient interface {
	Do(*http.Request) (*http.Response, error)
}

type HTTPSignerV4 

type HTTPSignerV4 interface {
	SignHTTP(ctx context.Context, credentials aws.Credentials, r *http.Request, payloadHash string, service string, region string, signingTime time.Time, optFns ...func(*v4.SignerOptions)) error
}

type ListFirewallPoliciesAPIClient 

type ListFirewallPoliciesAPIClient interface {
	ListFirewallPolicies(context.Context, *ListFirewallPoliciesInput, ...func(*Options)) (*ListFirewallPoliciesOutput, error)
}

ListFirewallPoliciesAPIClient is a client that implements the ListFirewallPolicies operation.

type ListFirewallPoliciesInput 

type ListFirewallPoliciesInput struct {

	// The maximum number of objects that you want Network Firewall to return for this
	// request. If more objects are available, in the response, Network Firewall
	// provides a NextToken value that you can use in a subsequent call to get the
	// next batch of objects.
	MaxResults *int32

	// When you request a list of objects with a MaxResults setting, if the number of
	// objects that are still available for retrieval exceeds the maximum you
	// requested, Network Firewall returns a NextToken value in the response. To
	// retrieve the next batch of objects, use the token returned from the prior
	// request in your next request.
	NextToken *string
	// contains filtered or unexported fields
}

type ListFirewallPoliciesOutput 

type ListFirewallPoliciesOutput struct {

	// The metadata for the firewall policies. Depending on your setting for max
	// results and the number of firewall policies that you have, this might not be the
	// full list.
	FirewallPolicies []types.FirewallPolicyMetadata

	// When you request a list of objects with a MaxResults setting, if the number of
	// objects that are still available for retrieval exceeds the maximum you
	// requested, Network Firewall returns a NextToken value in the response. To
	// retrieve the next batch of objects, use the token returned from the prior
	// request in your next request.
	NextToken *string

	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type ListFirewallPoliciesPaginator 

type ListFirewallPoliciesPaginator struct {
	// contains filtered or unexported fields
}

ListFirewallPoliciesPaginator is a paginator for ListFirewallPolicies

func NewListFirewallPoliciesPaginator 

func NewListFirewallPoliciesPaginator(client ListFirewallPoliciesAPIClient, params *ListFirewallPoliciesInput, optFns ...func(*ListFirewallPoliciesPaginatorOptions)) *ListFirewallPoliciesPaginator

NewListFirewallPoliciesPaginator returns a new ListFirewallPoliciesPaginator

func (*ListFirewallPoliciesPaginator) HasMorePages 

func (p *ListFirewallPoliciesPaginator) HasMorePages() bool

HasMorePages returns a boolean indicating whether more pages are available

func (*ListFirewallPoliciesPaginator) NextPage 

func (p *ListFirewallPoliciesPaginator) NextPage(ctx context.Context, optFns ...func(*Options)) (*ListFirewallPoliciesOutput, error)

NextPage retrieves the next ListFirewallPolicies page.

type ListFirewallPoliciesPaginatorOptions 

type ListFirewallPoliciesPaginatorOptions struct {
	// The maximum number of objects that you want Network Firewall to return for this
	// request. If more objects are available, in the response, Network Firewall
	// provides a NextToken value that you can use in a subsequent call to get the
	// next batch of objects.
	Limit int32

	// Set to true if pagination should stop if the service returns a pagination token
	// that matches the most recent token provided to the service.
	StopOnDuplicateToken bool
}

ListFirewallPoliciesPaginatorOptions is the paginator options for ListFirewallPolicies

type ListFirewallsAPIClient 

type ListFirewallsAPIClient interface {
	ListFirewalls(context.Context, *ListFirewallsInput, ...func(*Options)) (*ListFirewallsOutput, error)
}

ListFirewallsAPIClient is a client that implements the ListFirewalls operation.

type ListFirewallsInput 

type ListFirewallsInput struct {

	// The maximum number of objects that you want Network Firewall to return for this
	// request. If more objects are available, in the response, Network Firewall
	// provides a NextToken value that you can use in a subsequent call to get the
	// next batch of objects.
	MaxResults *int32

	// When you request a list of objects with a MaxResults setting, if the number of
	// objects that are still available for retrieval exceeds the maximum you
	// requested, Network Firewall returns a NextToken value in the response. To
	// retrieve the next batch of objects, use the token returned from the prior
	// request in your next request.
	NextToken *string

	// The unique identifiers of the VPCs that you want Network Firewall to retrieve
	// the firewalls for. Leave this blank to retrieve all firewalls that you have
	// defined.
	VpcIds []string
	// contains filtered or unexported fields
}

type ListFirewallsOutput 

type ListFirewallsOutput struct {

	// The firewall metadata objects for the VPCs that you specified. Depending on
	// your setting for max results and the number of firewalls you have, a single call
	// might not be the full list.
	Firewalls []types.FirewallMetadata

	// When you request a list of objects with a MaxResults setting, if the number of
	// objects that are still available for retrieval exceeds the maximum you
	// requested, Network Firewall returns a NextToken value in the response. To
	// retrieve the next batch of objects, use the token returned from the prior
	// request in your next request.
	NextToken *string

	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type ListFirewallsPaginator 

type ListFirewallsPaginator struct {
	// contains filtered or unexported fields
}

ListFirewallsPaginator is a paginator for ListFirewalls

func NewListFirewallsPaginator 

func NewListFirewallsPaginator(client ListFirewallsAPIClient, params *ListFirewallsInput, optFns ...func(*ListFirewallsPaginatorOptions)) *ListFirewallsPaginator

NewListFirewallsPaginator returns a new ListFirewallsPaginator

func (*ListFirewallsPaginator) HasMorePages 

func (p *ListFirewallsPaginator) HasMorePages() bool

HasMorePages returns a boolean indicating whether more pages are available

func (*ListFirewallsPaginator) NextPage 

func (p *ListFirewallsPaginator) NextPage(ctx context.Context, optFns ...func(*Options)) (*ListFirewallsOutput, error)

NextPage retrieves the next ListFirewalls page.

type ListFirewallsPaginatorOptions 

type ListFirewallsPaginatorOptions struct {
	// The maximum number of objects that you want Network Firewall to return for this
	// request. If more objects are available, in the response, Network Firewall
	// provides a NextToken value that you can use in a subsequent call to get the
	// next batch of objects.
	Limit int32

	// Set to true if pagination should stop if the service returns a pagination token
	// that matches the most recent token provided to the service.
	StopOnDuplicateToken bool
}

ListFirewallsPaginatorOptions is the paginator options for ListFirewalls

type ListRuleGroupsAPIClient 

type ListRuleGroupsAPIClient interface {
	ListRuleGroups(context.Context, *ListRuleGroupsInput, ...func(*Options)) (*ListRuleGroupsOutput, error)
}

ListRuleGroupsAPIClient is a client that implements the ListRuleGroups operation.

type ListRuleGroupsInput 

type ListRuleGroupsInput struct {

	// Indicates the general category of the Amazon Web Services managed rule group.
	ManagedType types.ResourceManagedType

	// The maximum number of objects that you want Network Firewall to return for this
	// request. If more objects are available, in the response, Network Firewall
	// provides a NextToken value that you can use in a subsequent call to get the
	// next batch of objects.
	MaxResults *int32

	// When you request a list of objects with a MaxResults setting, if the number of
	// objects that are still available for retrieval exceeds the maximum you
	// requested, Network Firewall returns a NextToken value in the response. To
	// retrieve the next batch of objects, use the token returned from the prior
	// request in your next request.
	NextToken *string

	// The scope of the request. The default setting of ACCOUNT or a setting of NULL
	// returns all of the rule groups in your account. A setting of MANAGED returns
	// all available managed rule groups.
	Scope types.ResourceManagedStatus

	// Indicates whether the rule group is stateless or stateful. If the rule group is
	// stateless, it contains stateless rules. If it is stateful, it contains stateful
	// rules.
	Type types.RuleGroupType
	// contains filtered or unexported fields
}

type ListRuleGroupsOutput 

type ListRuleGroupsOutput struct {

	// When you request a list of objects with a MaxResults setting, if the number of
	// objects that are still available for retrieval exceeds the maximum you
	// requested, Network Firewall returns a NextToken value in the response. To
	// retrieve the next batch of objects, use the token returned from the prior
	// request in your next request.
	NextToken *string

	// The rule group metadata objects that you've defined. Depending on your setting
	// for max results and the number of rule groups, this might not be the full list.
	RuleGroups []types.RuleGroupMetadata

	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type ListRuleGroupsPaginator 

type ListRuleGroupsPaginator struct {
	// contains filtered or unexported fields
}

ListRuleGroupsPaginator is a paginator for ListRuleGroups

func NewListRuleGroupsPaginator 

func NewListRuleGroupsPaginator(client ListRuleGroupsAPIClient, params *ListRuleGroupsInput, optFns ...func(*ListRuleGroupsPaginatorOptions)) *ListRuleGroupsPaginator

NewListRuleGroupsPaginator returns a new ListRuleGroupsPaginator

func (*ListRuleGroupsPaginator) HasMorePages 

func (p *ListRuleGroupsPaginator) HasMorePages() bool

HasMorePages returns a boolean indicating whether more pages are available

func (*ListRuleGroupsPaginator) NextPage 

func (p *ListRuleGroupsPaginator) NextPage(ctx context.Context, optFns ...func(*Options)) (*ListRuleGroupsOutput, error)

NextPage retrieves the next ListRuleGroups page.

type ListRuleGroupsPaginatorOptions 

type ListRuleGroupsPaginatorOptions struct {
	// The maximum number of objects that you want Network Firewall to return for this
	// request. If more objects are available, in the response, Network Firewall
	// provides a NextToken value that you can use in a subsequent call to get the
	// next batch of objects.
	Limit int32

	// Set to true if pagination should stop if the service returns a pagination token
	// that matches the most recent token provided to the service.
	StopOnDuplicateToken bool
}

ListRuleGroupsPaginatorOptions is the paginator options for ListRuleGroups

type ListTLSInspectionConfigurationsAPIClient added in v1.25.0 

type ListTLSInspectionConfigurationsAPIClient interface {
	ListTLSInspectionConfigurations(context.Context, *ListTLSInspectionConfigurationsInput, ...func(*Options)) (*ListTLSInspectionConfigurationsOutput, error)
}

ListTLSInspectionConfigurationsAPIClient is a client that implements the ListTLSInspectionConfigurations operation.

type ListTLSInspectionConfigurationsInput added in v1.25.0 

type ListTLSInspectionConfigurationsInput struct {

	// The maximum number of objects that you want Network Firewall to return for this
	// request. If more objects are available, in the response, Network Firewall
	// provides a NextToken value that you can use in a subsequent call to get the
	// next batch of objects.
	MaxResults *int32

	// When you request a list of objects with a MaxResults setting, if the number of
	// objects that are still available for retrieval exceeds the maximum you
	// requested, Network Firewall returns a NextToken value in the response. To
	// retrieve the next batch of objects, use the token returned from the prior
	// request in your next request.
	NextToken *string
	// contains filtered or unexported fields
}

type ListTLSInspectionConfigurationsOutput added in v1.25.0 

type ListTLSInspectionConfigurationsOutput struct {

	// When you request a list of objects with a MaxResults setting, if the number of
	// objects that are still available for retrieval exceeds the maximum you
	// requested, Network Firewall returns a NextToken value in the response. To
	// retrieve the next batch of objects, use the token returned from the prior
	// request in your next request.
	NextToken *string

	// The TLS inspection configuration metadata objects that you've defined.
	// Depending on your setting for max results and the number of TLS inspection
	// configurations, this might not be the full list.
	TLSInspectionConfigurations []types.TLSInspectionConfigurationMetadata

	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type ListTLSInspectionConfigurationsPaginator added in v1.25.0 

type ListTLSInspectionConfigurationsPaginator struct {
	// contains filtered or unexported fields
}

ListTLSInspectionConfigurationsPaginator is a paginator for ListTLSInspectionConfigurations

func NewListTLSInspectionConfigurationsPaginator added in v1.25.0 

func NewListTLSInspectionConfigurationsPaginator(client ListTLSInspectionConfigurationsAPIClient, params *ListTLSInspectionConfigurationsInput, optFns ...func(*ListTLSInspectionConfigurationsPaginatorOptions)) *ListTLSInspectionConfigurationsPaginator

NewListTLSInspectionConfigurationsPaginator returns a new ListTLSInspectionConfigurationsPaginator

func (*ListTLSInspectionConfigurationsPaginator) HasMorePages added in v1.25.0 

func (p *ListTLSInspectionConfigurationsPaginator) HasMorePages() bool

HasMorePages returns a boolean indicating whether more pages are available

func (*ListTLSInspectionConfigurationsPaginator) NextPage added in v1.25.0 

func (p *ListTLSInspectionConfigurationsPaginator) NextPage(ctx context.Context, optFns ...func(*Options)) (*ListTLSInspectionConfigurationsOutput, error)

NextPage retrieves the next ListTLSInspectionConfigurations page.

type ListTLSInspectionConfigurationsPaginatorOptions added in v1.25.0 

type ListTLSInspectionConfigurationsPaginatorOptions struct {
	// The maximum number of objects that you want Network Firewall to return for this
	// request. If more objects are available, in the response, Network Firewall
	// provides a NextToken value that you can use in a subsequent call to get the
	// next batch of objects.
	Limit int32

	// Set to true if pagination should stop if the service returns a pagination token
	// that matches the most recent token provided to the service.
	StopOnDuplicateToken bool
}

ListTLSInspectionConfigurationsPaginatorOptions is the paginator options for ListTLSInspectionConfigurations

type ListTagsForResourceAPIClient 

type ListTagsForResourceAPIClient interface {
	ListTagsForResource(context.Context, *ListTagsForResourceInput, ...func(*Options)) (*ListTagsForResourceOutput, error)
}

ListTagsForResourceAPIClient is a client that implements the ListTagsForResource operation.

type ListTagsForResourceInput 

type ListTagsForResourceInput struct {

	// The Amazon Resource Name (ARN) of the resource.
	//
	// This member is required.
	ResourceArn *string

	// The maximum number of objects that you want Network Firewall to return for this
	// request. If more objects are available, in the response, Network Firewall
	// provides a NextToken value that you can use in a subsequent call to get the
	// next batch of objects.
	MaxResults *int32

	// When you request a list of objects with a MaxResults setting, if the number of
	// objects that are still available for retrieval exceeds the maximum you
	// requested, Network Firewall returns a NextToken value in the response. To
	// retrieve the next batch of objects, use the token returned from the prior
	// request in your next request.
	NextToken *string
	// contains filtered or unexported fields
}

type ListTagsForResourceOutput 

type ListTagsForResourceOutput struct {

	// When you request a list of objects with a MaxResults setting, if the number of
	// objects that are still available for retrieval exceeds the maximum you
	// requested, Network Firewall returns a NextToken value in the response. To
	// retrieve the next batch of objects, use the token returned from the prior
	// request in your next request.
	NextToken *string

	// The tags that are associated with the resource.
	Tags []types.Tag

	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type ListTagsForResourcePaginator 

type ListTagsForResourcePaginator struct {
	// contains filtered or unexported fields
}

ListTagsForResourcePaginator is a paginator for ListTagsForResource

func NewListTagsForResourcePaginator 

func NewListTagsForResourcePaginator(client ListTagsForResourceAPIClient, params *ListTagsForResourceInput, optFns ...func(*ListTagsForResourcePaginatorOptions)) *ListTagsForResourcePaginator

NewListTagsForResourcePaginator returns a new ListTagsForResourcePaginator

func (*ListTagsForResourcePaginator) HasMorePages 

func (p *ListTagsForResourcePaginator) HasMorePages() bool

HasMorePages returns a boolean indicating whether more pages are available

func (*ListTagsForResourcePaginator) NextPage 

func (p *ListTagsForResourcePaginator) NextPage(ctx context.Context, optFns ...func(*Options)) (*ListTagsForResourceOutput, error)

NextPage retrieves the next ListTagsForResource page.

type ListTagsForResourcePaginatorOptions 

type ListTagsForResourcePaginatorOptions struct {
	// The maximum number of objects that you want Network Firewall to return for this
	// request. If more objects are available, in the response, Network Firewall
	// provides a NextToken value that you can use in a subsequent call to get the
	// next batch of objects.
	Limit int32

	// Set to true if pagination should stop if the service returns a pagination token
	// that matches the most recent token provided to the service.
	StopOnDuplicateToken bool
}

ListTagsForResourcePaginatorOptions is the paginator options for ListTagsForResource

type Options 

type Options struct {
	// Set of options to modify how an operation is invoked. These apply to all
	// operations invoked for this client. Use functional options on operation call to
	// modify this list for per operation behavior.
	APIOptions []func(*middleware.Stack) error

	// The optional application specific identifier appended to the User-Agent header.
	AppID string

	// This endpoint will be given as input to an EndpointResolverV2. It is used for
	// providing a custom base endpoint that is subject to modifications by the
	// processing EndpointResolverV2.
	BaseEndpoint *string

	// Configures the events that will be sent to the configured logger.
	ClientLogMode aws.ClientLogMode

	// The credentials object to use when signing requests.
	Credentials aws.CredentialsProvider

	// The configuration DefaultsMode that the SDK should use when constructing the
	// clients initial default settings.
	DefaultsMode aws.DefaultsMode

	// The endpoint options to be used when attempting to resolve an endpoint.
	EndpointOptions EndpointResolverOptions

	// The service endpoint resolver.
	//
	// Deprecated: Deprecated: EndpointResolver and WithEndpointResolver. Providing a
	// value for this field will likely prevent you from using any endpoint-related
	// service features released after the introduction of EndpointResolverV2 and
	// BaseEndpoint. To migrate an EndpointResolver implementation that uses a custom
	// endpoint, set the client option BaseEndpoint instead.
	EndpointResolver EndpointResolver

	// Resolves the endpoint used for a particular service operation. This should be
	// used over the deprecated EndpointResolver.
	EndpointResolverV2 EndpointResolverV2

	// Signature Version 4 (SigV4) Signer
	HTTPSignerV4 HTTPSignerV4

	// The logger writer interface to write logging messages to.
	Logger logging.Logger

	// The region to send requests to. (Required)
	Region string

	// RetryMaxAttempts specifies the maximum number attempts an API client will call
	// an operation that fails with a retryable error. A value of 0 is ignored, and
	// will not be used to configure the API client created default retryer, or modify
	// per operation call's retry max attempts. If specified in an operation call's
	// functional options with a value that is different than the constructed client's
	// Options, the Client's Retryer will be wrapped to use the operation's specific
	// RetryMaxAttempts value.
	RetryMaxAttempts int

	// RetryMode specifies the retry mode the API client will be created with, if
	// Retryer option is not also specified. When creating a new API Clients this
	// member will only be used if the Retryer Options member is nil. This value will
	// be ignored if Retryer is not nil. Currently does not support per operation call
	// overrides, may in the future.
	RetryMode aws.RetryMode

	// Retryer guides how HTTP requests should be retried in case of recoverable
	// failures. When nil the API client will use a default retryer. The kind of
	// default retry created by the API client can be changed with the RetryMode
	// option.
	Retryer aws.Retryer

	// The RuntimeEnvironment configuration, only populated if the DefaultsMode is set
	// to DefaultsModeAuto and is initialized using config.LoadDefaultConfig . You
	// should not populate this structure programmatically, or rely on the values here
	// within your applications.
	RuntimeEnvironment aws.RuntimeEnvironment

	// The HTTP client to invoke API calls with. Defaults to client's default HTTP
	// implementation if nil.
	HTTPClient HTTPClient

	// The auth scheme resolver which determines how to authenticate for each
	// operation.
	AuthSchemeResolver AuthSchemeResolver

	// The list of auth schemes supported by the client.
	AuthSchemes []smithyhttp.AuthScheme
	// contains filtered or unexported fields
}

func (Options) Copy 

func (o Options) Copy() Options

Copy creates a clone where the APIOptions list is deep copied.

func (Options) GetIdentityResolver added in v1.35.2 

func (o Options) GetIdentityResolver(schemeID string) smithyauth.IdentityResolver

type PutResourcePolicyInput 

type PutResourcePolicyInput struct {

	// The IAM policy statement that lists the accounts that you want to share your
	// rule group or firewall policy with and the operations that you want the accounts
	// to be able to perform. For a rule group resource, you can specify the following
	// operations in the Actions section of the statement:
	//   - network-firewall:CreateFirewallPolicy
	//   - network-firewall:UpdateFirewallPolicy
	//   - network-firewall:ListRuleGroups
	// For a firewall policy resource, you can specify the following operations in the
	// Actions section of the statement:
	//   - network-firewall:AssociateFirewallPolicy
	//   - network-firewall:ListFirewallPolicies
	// In the Resource section of the statement, you specify the ARNs for the rule
	// groups and firewall policies that you want to share with the account that you
	// specified in Arn .
	//
	// This member is required.
	Policy *string

	// The Amazon Resource Name (ARN) of the account that you want to share rule
	// groups and firewall policies with.
	//
	// This member is required.
	ResourceArn *string
	// contains filtered or unexported fields
}

type PutResourcePolicyOutput 

type PutResourcePolicyOutput struct {
	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type ResolveEndpoint 

type ResolveEndpoint struct {
	Resolver EndpointResolver
	Options  EndpointResolverOptions
}

func (*ResolveEndpoint) HandleSerialize 

func (m *ResolveEndpoint) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
)

func (*ResolveEndpoint) ID 

func (*ResolveEndpoint) ID() string

type TagResourceInput 

type TagResourceInput struct {

	// The Amazon Resource Name (ARN) of the resource.
	//
	// This member is required.
	ResourceArn *string

	//
	//
	// This member is required.
	Tags []types.Tag
	// contains filtered or unexported fields
}

type TagResourceOutput 

type TagResourceOutput struct {
	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type UntagResourceInput 

type UntagResourceInput struct {

	// The Amazon Resource Name (ARN) of the resource.
	//
	// This member is required.
	ResourceArn *string

	//
	//
	// This member is required.
	TagKeys []string
	// contains filtered or unexported fields
}

type UntagResourceOutput 

type UntagResourceOutput struct {
	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type UpdateFirewallDeleteProtectionInput 

type UpdateFirewallDeleteProtectionInput struct {

	// A flag indicating whether it is possible to delete the firewall. A setting of
	// TRUE indicates that the firewall is protected against deletion. Use this setting
	// to protect against accidentally deleting a firewall that is in use. When you
	// create a firewall, the operation initializes this flag to TRUE .
	//
	// This member is required.
	DeleteProtection bool

	// The Amazon Resource Name (ARN) of the firewall. You must specify the ARN or the
	// name, and you can specify both.
	FirewallArn *string

	// The descriptive name of the firewall. You can't change the name of a firewall
	// after you create it. You must specify the ARN or the name, and you can specify
	// both.
	FirewallName *string

	// An optional token that you can use for optimistic locking. Network Firewall
	// returns a token to your requests that access the firewall. The token marks the
	// state of the firewall resource at the time of the request. To make an
	// unconditional change to the firewall, omit the token in your update request.
	// Without the token, Network Firewall performs your updates regardless of whether
	// the firewall has changed since you last retrieved it. To make a conditional
	// change to the firewall, provide the token in your update request. Network
	// Firewall uses the token to ensure that the firewall hasn't changed since you
	// last retrieved it. If it has changed, the operation fails with an
	// InvalidTokenException . If this happens, retrieve the firewall again to get a
	// current copy of it with a new token. Reapply your changes as needed, then try
	// the operation again using the new token.
	UpdateToken *string
	// contains filtered or unexported fields
}

type UpdateFirewallDeleteProtectionOutput 

type UpdateFirewallDeleteProtectionOutput struct {

	// A flag indicating whether it is possible to delete the firewall. A setting of
	// TRUE indicates that the firewall is protected against deletion. Use this setting
	// to protect against accidentally deleting a firewall that is in use. When you
	// create a firewall, the operation initializes this flag to TRUE .
	DeleteProtection bool

	// The Amazon Resource Name (ARN) of the firewall.
	FirewallArn *string

	// The descriptive name of the firewall. You can't change the name of a firewall
	// after you create it.
	FirewallName *string

	// An optional token that you can use for optimistic locking. Network Firewall
	// returns a token to your requests that access the firewall. The token marks the
	// state of the firewall resource at the time of the request. To make an
	// unconditional change to the firewall, omit the token in your update request.
	// Without the token, Network Firewall performs your updates regardless of whether
	// the firewall has changed since you last retrieved it. To make a conditional
	// change to the firewall, provide the token in your update request. Network
	// Firewall uses the token to ensure that the firewall hasn't changed since you
	// last retrieved it. If it has changed, the operation fails with an
	// InvalidTokenException . If this happens, retrieve the firewall again to get a
	// current copy of it with a new token. Reapply your changes as needed, then try
	// the operation again using the new token.
	UpdateToken *string

	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type UpdateFirewallDescriptionInput 

type UpdateFirewallDescriptionInput struct {

	// The new description for the firewall. If you omit this setting, Network
	// Firewall removes the description for the firewall.
	Description *string

	// The Amazon Resource Name (ARN) of the firewall. You must specify the ARN or the
	// name, and you can specify both.
	FirewallArn *string

	// The descriptive name of the firewall. You can't change the name of a firewall
	// after you create it. You must specify the ARN or the name, and you can specify
	// both.
	FirewallName *string

	// An optional token that you can use for optimistic locking. Network Firewall
	// returns a token to your requests that access the firewall. The token marks the
	// state of the firewall resource at the time of the request. To make an
	// unconditional change to the firewall, omit the token in your update request.
	// Without the token, Network Firewall performs your updates regardless of whether
	// the firewall has changed since you last retrieved it. To make a conditional
	// change to the firewall, provide the token in your update request. Network
	// Firewall uses the token to ensure that the firewall hasn't changed since you
	// last retrieved it. If it has changed, the operation fails with an
	// InvalidTokenException . If this happens, retrieve the firewall again to get a
	// current copy of it with a new token. Reapply your changes as needed, then try
	// the operation again using the new token.
	UpdateToken *string
	// contains filtered or unexported fields
}

type UpdateFirewallDescriptionOutput 

type UpdateFirewallDescriptionOutput struct {

	// A description of the firewall.
	Description *string

	// The Amazon Resource Name (ARN) of the firewall.
	FirewallArn *string

	// The descriptive name of the firewall. You can't change the name of a firewall
	// after you create it.
	FirewallName *string

	// An optional token that you can use for optimistic locking. Network Firewall
	// returns a token to your requests that access the firewall. The token marks the
	// state of the firewall resource at the time of the request. To make an
	// unconditional change to the firewall, omit the token in your update request.
	// Without the token, Network Firewall performs your updates regardless of whether
	// the firewall has changed since you last retrieved it. To make a conditional
	// change to the firewall, provide the token in your update request. Network
	// Firewall uses the token to ensure that the firewall hasn't changed since you
	// last retrieved it. If it has changed, the operation fails with an
	// InvalidTokenException . If this happens, retrieve the firewall again to get a
	// current copy of it with a new token. Reapply your changes as needed, then try
	// the operation again using the new token.
	UpdateToken *string

	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type UpdateFirewallEncryptionConfigurationInput added in v1.16.0 

type UpdateFirewallEncryptionConfigurationInput struct {

	// A complex type that contains optional Amazon Web Services Key Management
	// Service (KMS) encryption settings for your Network Firewall resources. Your data
	// is encrypted by default with an Amazon Web Services owned key that Amazon Web
	// Services owns and manages for you. You can use either the Amazon Web Services
	// owned key, or provide your own customer managed key. To learn more about KMS
	// encryption of your Network Firewall resources, see Encryption at rest with
	// Amazon Web Services Key Managment Service (https://docs.aws.amazon.com/kms/latest/developerguide/kms-encryption-at-rest.html)
	// in the Network Firewall Developer Guide.
	EncryptionConfiguration *types.EncryptionConfiguration

	// The Amazon Resource Name (ARN) of the firewall.
	FirewallArn *string

	// The descriptive name of the firewall. You can't change the name of a firewall
	// after you create it.
	FirewallName *string

	// An optional token that you can use for optimistic locking. Network Firewall
	// returns a token to your requests that access the firewall. The token marks the
	// state of the firewall resource at the time of the request. To make an
	// unconditional change to the firewall, omit the token in your update request.
	// Without the token, Network Firewall performs your updates regardless of whether
	// the firewall has changed since you last retrieved it. To make a conditional
	// change to the firewall, provide the token in your update request. Network
	// Firewall uses the token to ensure that the firewall hasn't changed since you
	// last retrieved it. If it has changed, the operation fails with an
	// InvalidTokenException . If this happens, retrieve the firewall again to get a
	// current copy of it with a new token. Reapply your changes as needed, then try
	// the operation again using the new token.
	UpdateToken *string
	// contains filtered or unexported fields
}

type UpdateFirewallEncryptionConfigurationOutput added in v1.16.0 

type UpdateFirewallEncryptionConfigurationOutput struct {

	// A complex type that contains optional Amazon Web Services Key Management
	// Service (KMS) encryption settings for your Network Firewall resources. Your data
	// is encrypted by default with an Amazon Web Services owned key that Amazon Web
	// Services owns and manages for you. You can use either the Amazon Web Services
	// owned key, or provide your own customer managed key. To learn more about KMS
	// encryption of your Network Firewall resources, see Encryption at rest with
	// Amazon Web Services Key Managment Service (https://docs.aws.amazon.com/kms/latest/developerguide/kms-encryption-at-rest.html)
	// in the Network Firewall Developer Guide.
	EncryptionConfiguration *types.EncryptionConfiguration

	// The Amazon Resource Name (ARN) of the firewall.
	FirewallArn *string

	// The descriptive name of the firewall. You can't change the name of a firewall
	// after you create it.
	FirewallName *string

	// An optional token that you can use for optimistic locking. Network Firewall
	// returns a token to your requests that access the firewall. The token marks the
	// state of the firewall resource at the time of the request. To make an
	// unconditional change to the firewall, omit the token in your update request.
	// Without the token, Network Firewall performs your updates regardless of whether
	// the firewall has changed since you last retrieved it. To make a conditional
	// change to the firewall, provide the token in your update request. Network
	// Firewall uses the token to ensure that the firewall hasn't changed since you
	// last retrieved it. If it has changed, the operation fails with an
	// InvalidTokenException . If this happens, retrieve the firewall again to get a
	// current copy of it with a new token. Reapply your changes as needed, then try
	// the operation again using the new token.
	UpdateToken *string

	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type UpdateFirewallPolicyChangeProtectionInput 

type UpdateFirewallPolicyChangeProtectionInput struct {

	// A setting indicating whether the firewall is protected against a change to the
	// firewall policy association. Use this setting to protect against accidentally
	// modifying the firewall policy for a firewall that is in use. When you create a
	// firewall, the operation initializes this setting to TRUE .
	//
	// This member is required.
	FirewallPolicyChangeProtection bool

	// The Amazon Resource Name (ARN) of the firewall. You must specify the ARN or the
	// name, and you can specify both.
	FirewallArn *string

	// The descriptive name of the firewall. You can't change the name of a firewall
	// after you create it. You must specify the ARN or the name, and you can specify
	// both.
	FirewallName *string

	// An optional token that you can use for optimistic locking. Network Firewall
	// returns a token to your requests that access the firewall. The token marks the
	// state of the firewall resource at the time of the request. To make an
	// unconditional change to the firewall, omit the token in your update request.
	// Without the token, Network Firewall performs your updates regardless of whether
	// the firewall has changed since you last retrieved it. To make a conditional
	// change to the firewall, provide the token in your update request. Network
	// Firewall uses the token to ensure that the firewall hasn't changed since you
	// last retrieved it. If it has changed, the operation fails with an
	// InvalidTokenException . If this happens, retrieve the firewall again to get a
	// current copy of it with a new token. Reapply your changes as needed, then try
	// the operation again using the new token.
	UpdateToken *string
	// contains filtered or unexported fields
}

type UpdateFirewallPolicyChangeProtectionOutput 

type UpdateFirewallPolicyChangeProtectionOutput struct {

	// The Amazon Resource Name (ARN) of the firewall.
	FirewallArn *string

	// The descriptive name of the firewall. You can't change the name of a firewall
	// after you create it.
	FirewallName *string

	// A setting indicating whether the firewall is protected against a change to the
	// firewall policy association. Use this setting to protect against accidentally
	// modifying the firewall policy for a firewall that is in use. When you create a
	// firewall, the operation initializes this setting to TRUE .
	FirewallPolicyChangeProtection bool

	// An optional token that you can use for optimistic locking. Network Firewall
	// returns a token to your requests that access the firewall. The token marks the
	// state of the firewall resource at the time of the request. To make an
	// unconditional change to the firewall, omit the token in your update request.
	// Without the token, Network Firewall performs your updates regardless of whether
	// the firewall has changed since you last retrieved it. To make a conditional
	// change to the firewall, provide the token in your update request. Network
	// Firewall uses the token to ensure that the firewall hasn't changed since you
	// last retrieved it. If it has changed, the operation fails with an
	// InvalidTokenException . If this happens, retrieve the firewall again to get a
	// current copy of it with a new token. Reapply your changes as needed, then try
	// the operation again using the new token.
	UpdateToken *string

	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type UpdateFirewallPolicyInput 

type UpdateFirewallPolicyInput struct {

	// The updated firewall policy to use for the firewall. You can't add or remove a
	// TLSInspectionConfiguration after you create a firewall policy. However, you can
	// replace an existing TLS inspection configuration with another
	// TLSInspectionConfiguration .
	//
	// This member is required.
	FirewallPolicy *types.FirewallPolicy

	// A token used for optimistic locking. Network Firewall returns a token to your
	// requests that access the firewall policy. The token marks the state of the
	// policy resource at the time of the request. To make changes to the policy, you
	// provide the token in your request. Network Firewall uses the token to ensure
	// that the policy hasn't changed since you last retrieved it. If it has changed,
	// the operation fails with an InvalidTokenException . If this happens, retrieve
	// the firewall policy again to get a current copy of it with current token.
	// Reapply your changes as needed, then try the operation again using the new
	// token.
	//
	// This member is required.
	UpdateToken *string

	// A description of the firewall policy.
	Description *string

	// Indicates whether you want Network Firewall to just check the validity of the
	// request, rather than run the request. If set to TRUE , Network Firewall checks
	// whether the request can run successfully, but doesn't actually make the
	// requested changes. The call returns the value that the request would return if
	// you ran it with dry run set to FALSE , but doesn't make additions or changes to
	// your resources. This option allows you to make sure that you have the required
	// permissions to run the request and that your request parameters are valid. If
	// set to FALSE , Network Firewall makes the requested changes to your resources.
	DryRun bool

	// A complex type that contains settings for encryption of your firewall policy
	// resources.
	EncryptionConfiguration *types.EncryptionConfiguration

	// The Amazon Resource Name (ARN) of the firewall policy. You must specify the ARN
	// or the name, and you can specify both.
	FirewallPolicyArn *string

	// The descriptive name of the firewall policy. You can't change the name of a
	// firewall policy after you create it. You must specify the ARN or the name, and
	// you can specify both.
	FirewallPolicyName *string
	// contains filtered or unexported fields
}

type UpdateFirewallPolicyOutput 

type UpdateFirewallPolicyOutput struct {

	// The high-level properties of a firewall policy. This, along with the
	// FirewallPolicy , define the policy. You can retrieve all objects for a firewall
	// policy by calling DescribeFirewallPolicy .
	//
	// This member is required.
	FirewallPolicyResponse *types.FirewallPolicyResponse

	// A token used for optimistic locking. Network Firewall returns a token to your
	// requests that access the firewall policy. The token marks the state of the
	// policy resource at the time of the request. To make changes to the policy, you
	// provide the token in your request. Network Firewall uses the token to ensure
	// that the policy hasn't changed since you last retrieved it. If it has changed,
	// the operation fails with an InvalidTokenException . If this happens, retrieve
	// the firewall policy again to get a current copy of it with current token.
	// Reapply your changes as needed, then try the operation again using the new
	// token.
	//
	// This member is required.
	UpdateToken *string

	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type UpdateLoggingConfigurationInput 

type UpdateLoggingConfigurationInput struct {

	// The Amazon Resource Name (ARN) of the firewall. You must specify the ARN or the
	// name, and you can specify both.
	FirewallArn *string

	// The descriptive name of the firewall. You can't change the name of a firewall
	// after you create it. You must specify the ARN or the name, and you can specify
	// both.
	FirewallName *string

	// Defines how Network Firewall performs logging for a firewall. If you omit this
	// setting, Network Firewall disables logging for the firewall.
	LoggingConfiguration *types.LoggingConfiguration
	// contains filtered or unexported fields
}

type UpdateLoggingConfigurationOutput 

type UpdateLoggingConfigurationOutput struct {

	// The Amazon Resource Name (ARN) of the firewall.
	FirewallArn *string

	// The descriptive name of the firewall. You can't change the name of a firewall
	// after you create it.
	FirewallName *string

	// Defines how Network Firewall performs logging for a Firewall .
	LoggingConfiguration *types.LoggingConfiguration

	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type UpdateRuleGroupInput 

type UpdateRuleGroupInput struct {

	// A token used for optimistic locking. Network Firewall returns a token to your
	// requests that access the rule group. The token marks the state of the rule group
	// resource at the time of the request. To make changes to the rule group, you
	// provide the token in your request. Network Firewall uses the token to ensure
	// that the rule group hasn't changed since you last retrieved it. If it has
	// changed, the operation fails with an InvalidTokenException . If this happens,
	// retrieve the rule group again to get a current copy of it with a current token.
	// Reapply your changes as needed, then try the operation again using the new
	// token.
	//
	// This member is required.
	UpdateToken *string

	// Indicates whether you want Network Firewall to analyze the stateless rules in
	// the rule group for rule behavior such as asymmetric routing. If set to TRUE ,
	// Network Firewall runs the analysis and then updates the rule group for you. To
	// run the stateless rule group analyzer without updating the rule group, set
	// DryRun to TRUE .
	AnalyzeRuleGroup bool

	// A description of the rule group.
	Description *string

	// Indicates whether you want Network Firewall to just check the validity of the
	// request, rather than run the request. If set to TRUE , Network Firewall checks
	// whether the request can run successfully, but doesn't actually make the
	// requested changes. The call returns the value that the request would return if
	// you ran it with dry run set to FALSE , but doesn't make additions or changes to
	// your resources. This option allows you to make sure that you have the required
	// permissions to run the request and that your request parameters are valid. If
	// set to FALSE , Network Firewall makes the requested changes to your resources.
	DryRun bool

	// A complex type that contains settings for encryption of your rule group
	// resources.
	EncryptionConfiguration *types.EncryptionConfiguration

	// An object that defines the rule group rules. You must provide either this rule
	// group setting or a Rules setting, but not both.
	RuleGroup *types.RuleGroup

	// The Amazon Resource Name (ARN) of the rule group. You must specify the ARN or
	// the name, and you can specify both.
	RuleGroupArn *string

	// The descriptive name of the rule group. You can't change the name of a rule
	// group after you create it. You must specify the ARN or the name, and you can
	// specify both.
	RuleGroupName *string

	// A string containing stateful rule group rules specifications in Suricata flat
	// format, with one rule per line. Use this to import your existing Suricata
	// compatible rule groups. You must provide either this rules setting or a
	// populated RuleGroup setting, but not both. You can provide your rule group
	// specification in Suricata flat format through this setting when you create or
	// update your rule group. The call response returns a RuleGroup object that
	// Network Firewall has populated from your string.
	Rules *string

	// A complex type that contains metadata about the rule group that your own rule
	// group is copied from. You can use the metadata to keep track of updates made to
	// the originating rule group.
	SourceMetadata *types.SourceMetadata

	// Indicates whether the rule group is stateless or stateful. If the rule group is
	// stateless, it contains stateless rules. If it is stateful, it contains stateful
	// rules. This setting is required for requests that do not include the
	// RuleGroupARN .
	Type types.RuleGroupType
	// contains filtered or unexported fields
}

type UpdateRuleGroupOutput 

type UpdateRuleGroupOutput struct {

	// The high-level properties of a rule group. This, along with the RuleGroup ,
	// define the rule group. You can retrieve all objects for a rule group by calling
	// DescribeRuleGroup .
	//
	// This member is required.
	RuleGroupResponse *types.RuleGroupResponse

	// A token used for optimistic locking. Network Firewall returns a token to your
	// requests that access the rule group. The token marks the state of the rule group
	// resource at the time of the request. To make changes to the rule group, you
	// provide the token in your request. Network Firewall uses the token to ensure
	// that the rule group hasn't changed since you last retrieved it. If it has
	// changed, the operation fails with an InvalidTokenException . If this happens,
	// retrieve the rule group again to get a current copy of it with a current token.
	// Reapply your changes as needed, then try the operation again using the new
	// token.
	//
	// This member is required.
	UpdateToken *string

	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type UpdateSubnetChangeProtectionInput 

type UpdateSubnetChangeProtectionInput struct {

	// A setting indicating whether the firewall is protected against changes to the
	// subnet associations. Use this setting to protect against accidentally modifying
	// the subnet associations for a firewall that is in use. When you create a
	// firewall, the operation initializes this setting to TRUE .
	//
	// This member is required.
	SubnetChangeProtection bool

	// The Amazon Resource Name (ARN) of the firewall. You must specify the ARN or the
	// name, and you can specify both.
	FirewallArn *string

	// The descriptive name of the firewall. You can't change the name of a firewall
	// after you create it. You must specify the ARN or the name, and you can specify
	// both.
	FirewallName *string

	// An optional token that you can use for optimistic locking. Network Firewall
	// returns a token to your requests that access the firewall. The token marks the
	// state of the firewall resource at the time of the request. To make an
	// unconditional change to the firewall, omit the token in your update request.
	// Without the token, Network Firewall performs your updates regardless of whether
	// the firewall has changed since you last retrieved it. To make a conditional
	// change to the firewall, provide the token in your update request. Network
	// Firewall uses the token to ensure that the firewall hasn't changed since you
	// last retrieved it. If it has changed, the operation fails with an
	// InvalidTokenException . If this happens, retrieve the firewall again to get a
	// current copy of it with a new token. Reapply your changes as needed, then try
	// the operation again using the new token.
	UpdateToken *string
	// contains filtered or unexported fields
}

type UpdateSubnetChangeProtectionOutput 

type UpdateSubnetChangeProtectionOutput struct {

	// The Amazon Resource Name (ARN) of the firewall.
	FirewallArn *string

	// The descriptive name of the firewall. You can't change the name of a firewall
	// after you create it.
	FirewallName *string

	// A setting indicating whether the firewall is protected against changes to the
	// subnet associations. Use this setting to protect against accidentally modifying
	// the subnet associations for a firewall that is in use. When you create a
	// firewall, the operation initializes this setting to TRUE .
	SubnetChangeProtection bool

	// An optional token that you can use for optimistic locking. Network Firewall
	// returns a token to your requests that access the firewall. The token marks the
	// state of the firewall resource at the time of the request. To make an
	// unconditional change to the firewall, omit the token in your update request.
	// Without the token, Network Firewall performs your updates regardless of whether
	// the firewall has changed since you last retrieved it. To make a conditional
	// change to the firewall, provide the token in your update request. Network
	// Firewall uses the token to ensure that the firewall hasn't changed since you
	// last retrieved it. If it has changed, the operation fails with an
	// InvalidTokenException . If this happens, retrieve the firewall again to get a
	// current copy of it with a new token. Reapply your changes as needed, then try
	// the operation again using the new token.
	UpdateToken *string

	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type UpdateTLSInspectionConfigurationInput added in v1.25.0 

type UpdateTLSInspectionConfigurationInput struct {

	// The object that defines a TLS inspection configuration. This, along with
	// TLSInspectionConfigurationResponse , define the TLS inspection configuration.
	// You can retrieve all objects for a TLS inspection configuration by calling
	// DescribeTLSInspectionConfiguration . Network Firewall uses a TLS inspection
	// configuration to decrypt traffic. Network Firewall re-encrypts the traffic
	// before sending it to its destination. To use a TLS inspection configuration, you
	// add it to a new Network Firewall firewall policy, then you apply the firewall
	// policy to a firewall. Network Firewall acts as a proxy service to decrypt and
	// inspect the traffic traveling through your firewalls. You can reference a TLS
	// inspection configuration from more than one firewall policy, and you can use a
	// firewall policy in more than one firewall. For more information about using TLS
	// inspection configurations, see Inspecting SSL/TLS traffic with TLS inspection
	// configurations (https://docs.aws.amazon.com/network-firewall/latest/developerguide/tls-inspection.html)
	// in the Network Firewall Developer Guide.
	//
	// This member is required.
	TLSInspectionConfiguration *types.TLSInspectionConfiguration

	// A token used for optimistic locking. Network Firewall returns a token to your
	// requests that access the TLS inspection configuration. The token marks the state
	// of the TLS inspection configuration resource at the time of the request. To make
	// changes to the TLS inspection configuration, you provide the token in your
	// request. Network Firewall uses the token to ensure that the TLS inspection
	// configuration hasn't changed since you last retrieved it. If it has changed, the
	// operation fails with an InvalidTokenException . If this happens, retrieve the
	// TLS inspection configuration again to get a current copy of it with a current
	// token. Reapply your changes as needed, then try the operation again using the
	// new token.
	//
	// This member is required.
	UpdateToken *string

	// A description of the TLS inspection configuration.
	Description *string

	// A complex type that contains the Amazon Web Services KMS encryption
	// configuration settings for your TLS inspection configuration.
	EncryptionConfiguration *types.EncryptionConfiguration

	// The Amazon Resource Name (ARN) of the TLS inspection configuration.
	TLSInspectionConfigurationArn *string

	// The descriptive name of the TLS inspection configuration. You can't change the
	// name of a TLS inspection configuration after you create it.
	TLSInspectionConfigurationName *string
	// contains filtered or unexported fields
}

type UpdateTLSInspectionConfigurationOutput added in v1.25.0 

type UpdateTLSInspectionConfigurationOutput struct {

	// The high-level properties of a TLS inspection configuration. This, along with
	// the TLSInspectionConfiguration , define the TLS inspection configuration. You
	// can retrieve all objects for a TLS inspection configuration by calling
	// DescribeTLSInspectionConfiguration .
	//
	// This member is required.
	TLSInspectionConfigurationResponse *types.TLSInspectionConfigurationResponse

	// A token used for optimistic locking. Network Firewall returns a token to your
	// requests that access the TLS inspection configuration. The token marks the state
	// of the TLS inspection configuration resource at the time of the request. To make
	// changes to the TLS inspection configuration, you provide the token in your
	// request. Network Firewall uses the token to ensure that the TLS inspection
	// configuration hasn't changed since you last retrieved it. If it has changed, the
	// operation fails with an InvalidTokenException . If this happens, retrieve the
	// TLS inspection configuration again to get a current copy of it with a current
	// token. Reapply your changes as needed, then try the operation again using the
	// new token.
	//
	// This member is required.
	UpdateToken *string

	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

Source Files

View all Source files

Directories

Path Synopsis
internal
endpoints

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.